wechat-article-search
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's main script (scripts/search_wechat.js) autonomously fetches and scrapes public webpages from weixin.sogou.com, then follows and parses the resulting mp.weixin.qq.com article pages. It treats untrusted, user-generated article HTML as input that it parses and uses to drive URL resolution and subsequent actions, which meets all criteria for exposure to indirect prompt injection.