wechat-daily-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and scripts/analyze_chat.py) explicitly reads user-generated group messages from the local decrypted WeChat databases (vendor/wechat-decrypt/decrypted: contact/message/*.db), produces simplified_chat.txt which is then consumed by the AI prompt (references/ai_prompt.md) to generate ai_content.json, so untrusted third‑party chat content is ingested and can materially influence AI outputs and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup_check.py script will git-clone and install the external repository https://github.com/ylytdeng/wechat-decrypt at runtime (via ensure_decryptor) and decrypt_wechat.py then executes scripts from vendor/wechat-decrypt (e.g., main.py/decrypt, decrypt_db.py), meaning fetched remote code is executed and is a required dependency.