configure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting the QR code/token from script output and inserting it verbatim into a command-line invocation (and also reads credential files), which forces the LLM to handle and emit secret-like values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required login flow (SKILL.md) runs login-qr.ts which fetches a QR code from https://ilinkai.weixin.qq.com/ and login-poll.ts which polls the WeChat/iLink API and returns JSON (including token and baseUrl) that the agent ingests to set credentials and drive subsequent actions, exposing it to untrusted third‑party content that can change behavior.