wechat-article-maker
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform WebSearch/WebFetch, to "download the article link" and "read the URL content", and to automatically download and parse remote HTML and images (see "Flow 1, Step 2: Use WebSearch/WebFetch", "Flow 2: Publishing an article from a link" and "Step 11: Automatically download remote images in the HTML"). The agent therefore ingests untrusted public web content and uses that content to drive generation and publishing actions, creating a clear avenue for indirect prompt injection.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata