md2wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly fetches and ingests open web content — e.g., the download_and_upload "https://example.com/image.png" command for online images and the API mode that calls md2wechat.cn — and the workflow explicitly tells the agent to "read the article" and process external image URLs, so it will read/interpret untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The run.sh wrapper will download and exec a remote binary at runtime from the GitHub releases URL (https://github.com/hansonyyds/md2wechat-skill/releases/download/v${VERSION}/${bin_name}), which fetches and executes remote code as a required runtime dependency.