md2wechat

Fail

Audited by Socket on Feb 18, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Detected jailbreak/DAN attempt

All findings:
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
- [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

BENIGN: The skill content and described data flows are coherent with the stated purpose (MD-to-WeChat conversion with optional AI styling and image handling). It requires explicit, user-supplied credentials via environment variables and interacts with standard external services (WeChat API, image generation API). No evidence of credential harvesting, backdoors, or extraneous data paths beyond documented APIs and user content. Security risk is moderate due to handling of API keys and third-party services, but the design aligns with legitimate usage.
LLM verification: The MD-to-WeChat HTML conversion workflow is plausible and useful, but documentation reveals high-risk credential handling patterns (AppID/Secret prompts, ~/.config references, external URL downloads) and jailbreak-related signals that should be sanitized. To safely adopt this in a supply chain, enforce secure secret handling (no hard-coded keys, use secure vaults, scope-limited credentials), verify trusted endpoints, and provide clear user-consent and data-flow disclosures. The overall assessme

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 18, 2026, 03:22 PM
Package URL
pkg:socket/skills-sh/hansonyyds%2Fmd2wechat-skill%2Fmd2wechat%2F@34ec8789d01d5e082b4c29f17c1dc3a7253f4e2b