post-to-xhs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "URL 提取模式" / "WebFetch 提取网页内容") and the pipeline scripts (publish_pipeline.py supporting --image-urls and image_downloader.py which downloads arbitrary image URLs) show the agent fetches and ingests content from user-supplied/public web pages and images and then summarizes/uses that content to compose and publish posts, so untrusted third‑party content can influence subsequent actions.