wxauto

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass tokens and activation codes directly on the command line and in HTTP headers (e.g., --token "my-token", Authorization: "Bearer token"), which requires the agent to embed secret values verbatim in generated commands/code and thus poses exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core scripts and SKILL.md show it calls the local wxauto-restful-api to fetch and display WeChat messages (e.g., scripts/wxapi.py functions cmd_getmsg, cmd_newmsg and SKILL.md "读取消息"/"获取新消息"), which are untrusted user-generated chat content that the agent reads as part of its workflow and could influence subsequent actions (it can also clone/start third-party code from GitHub when auto-deploying), creating a risk of indirect prompt injection.