configure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting the QR code/token and passing it verbatim on the command line (bun <...> ) and the poll prints/stores credentials, so the agent must handle secret-like values directly in commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's login flow runs login-qr.ts which fetches a QR code and URL from the public https://ilinkai.weixin.qq.com/ endpoint and then runs login-poll.ts that polls the WeChat API and returns JSON (including token and baseUrl) which the skill reads and saves, so external/untrusted third‑party responses directly influence credentialing and subsequent agent behavior.