access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and acts on ~/.claude/channels/wechat/access.json (notably "pending" entries that "the channel server may have added") which are populated from WeChat/user messages (untrusted third‑party user-generated content) and uses those pending codes/senderIds to approve or alter access, so external content can directly influence approval decisions.