wechat-theme-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's extractor script (scripts/extract.py) fetches arbitrary mp.weixin.qq.com article HTML via curl and SKILL.md explicitly instructs the AI to read the saved .extracted_content.html and derive theme/configuration that will be injected into markdown-to-wechat.html, meaning untrusted third-party article content can be interpreted and drive subsequent actions.