baoyu-post-to-wechat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to prompt the user for WECHAT_APP_ID and WECHAT_APP_SECRET and to write those exact values into .env files and include them in API requests, which requires handling and embedding secrets verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly downloads and ingests resources from arbitrary http(s) URLs (see scripts/md-to-wechat.ts downloadFile/resolveImagePath which fetch remote image URLs) and the SKILL.md workflow relies on external links/images (conversion of external links to citations and cover-image resolution) so untrusted third‑party content can be fetched and used to determine metadata and publishing actions.