wechat-toolkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public, user-generated WeChat articles (e.g., scripts/search/search_wechat.js queries weixin.sogou.com and can fetch mp.weixin.qq.com content, and scripts/downloader/download.js uses Puppeteer to load mp.weixin.qq.com and extract #js_content), and SKILL.md shows a required "搜索/抓正文 → 洗稿 → 发布" workflow where the agent reads and rewrites those third‑party articles, so untrusted web content can directly influence tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The publish.js script will run npm install -g @wenyan-md/cli at runtime if wenyan-cli is missing, causing the skill to fetch and install/execute remote code from the npm registry (e.g. https://www.npmjs.com/package/@wenyan-md/cli), which is a required runtime dependency for the publish flow.