goodqunbot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads user-generated WeChat chat content via wx_manager (e.g., get_group_messages, load_messages_by_date_range and scripts/get_messages.py) and then the app/main.py constructs a prompt from those messages and sends it to the OpenAI API, so untrusted third-party messages can influence the agent's instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The App-mode web UI (static/index.html) loads remote JavaScript at runtime from https://cdn.jsdelivr.net/npm/marked/marked.min.js, https://cdn.jsdelivr.net/npm/wordcloud@1.2.2/src/wordcloud2.min.js and https://cdn.jsdelivr.net/npm/html2canvas@1.4.1/dist/html2canvas.min.js which execute externally-hosted code in the user's browser and are required for the UI to function.