baoyu-post-to-wechat

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to prompt the user for the AppID/AppSecret and write those values into .env, and it refers to including access tokens in request URLs. This requires the LLM to receive and embed secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's md-to-wechat.ts explicitly downloads remote URLs referenced in Markdown (downloadFile/resolveImagePath) and parses frontmatter/Markdown metadata. The agent therefore ingests untrusted third-party content (arbitrary HTTP/HTTPS image URLs and frontmatter), which is used to construct the published article and API payloads (scripts/md-to-wechat.ts and the SKILL.md article posting workflow), so external content can influence actions beyond mere display.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 4, 2026, 04:19 PM