wechat-article-fetcher

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill asks the user to provide a flomo API URL/secret and describes pushing summaries via POST (and an optional API URL parameter), which implies the agent may need to accept and embed that secret verbatim in requests or generated commands/code — a direct secret-handling/exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's bin/main.py takes arbitrary mp.weixin.qq.com article URLs and utils/downloader.py.fetch_html downloads those public WeChat (user-generated) pages which utils/parser.py then parses and the agent prints/uses, so it clearly ingests untrusted third‑party content (WeChat public articles) as part of its workflow.