agent-wechatbot
Fail
Audited by Snyk on May 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt explicitly uses an "auth set " CLI pattern and documents storing an "app_secret" in a credentials file, which encourages passing and handling secrets as literal values (including in generated commands), creating a clear exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly calls the WeChat Official Account API to fetch follower and template data (e.g., `agent-wechatbot user list` and `agent-wechatbot template list` shown in SKILL.md, references/common-patterns.md, and templates/*.sh), emits JSON "for AI consumption", and the agent is instructed to read/act on that returned user-generated/third-party data (select recipients, templates, and drive sends), so untrusted third‑party content can materially influence subsequent tool actions.
Issues (2)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata