baoyu-post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill downloads and embeds remote, user-supplied content from open URLs (see scripts/md-to-wechat.ts: downloadFile/resolveImagePath which fetches http(s) image links from markdown, and scripts/md/extensions/plantuml.ts: fetchSvgContent / generatePlantUMLUrl which fetches SVGs from the public PlantUML server), so the agent ingests and renders untrusted third‑party content as part of its workflow.