zhy-wechat-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Step 1 ("素材搜集") explicitly uses WebSearch and webfetch to fetch and scrape open/public third-party content (e.g., X/Twitter, Reddit, forums, mp.weixin.qq.com and arbitrary URLs supplied by the user) to build an evidence pool that the agent must read and use to generate and revise the article, so untrusted user-generated content can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches user-provided/external URLs at runtime via webfetch/WebSearch (example: "https://mp.weixin.qq.com/xxx") and injects their content into the evidence pool used to drive model prompts and article generation, meaning remote content directly controls the agent's outputs.