wespy-fetcher
Fail
Audited by Snyk on Mar 1, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URLs are not direct executable downloads, but they are moderately suspicious: mp.weixin.qq.com pages can host arbitrary payloads, and the GitHub repository (tianchangNorth/WeSpy) is an unknown third-party source that the skill clones and runs automatically. Running unreviewed code fetched from GitHub repositories or WeChat posts is a way malware gets distributed.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill (see SKILL.md and scripts/wespy_cli.py) delegates to the WeSpy tool to fetch arbitrary public web pages (for example mp.weixin.qq.com articles and other user-provided URLs) and convert them to Markdown. Untrusted, user-generated content from the open web is therefore ingested into the agent's context, where instructions embedded in a page can influence the agent's behavior (indirect prompt injection).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). At runtime the skill automatically performs a git clone of https://github.com/tianchangNorth/WeSpy.git and then imports and calls wespy.main.main from the freshly cloned repository. Remotely fetched code is therefore executed, and it is a required dependency rather than an optional one; because the dependency is not verified against a reviewed revision, whatever the repository contains at clone time is what runs with the agent's privileges.
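The following is an added example, not code from the wespy-fetcher skill, the WeSpy project, or the Snyk audit. It is a small static check for the pattern that E005 and W012 describe: a script that runs git clone at runtime, puts the clone on sys.path, and imports from it. The two sample scripts are constructed imitations of that pattern (they are not the real scripts/wespy_cli.py), the commit id in the pinned sample is hypothetical, and the severity ladder (CRITICAL / MEDIUM / LOW / INFO) is this example's own, not Snyk's scoring.

```python
"""Static check for "clone at runtime, then import the clone" in a skill script.
Added example; not the skill's or WeSpy's code. Severity ladder is this example's own."""
import ast
import re
import shlex

SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # a full commit id is the only real pin
PIN_VERBS = {"checkout", "reset", "fetch", "verify-commit"}

# Constructed sample imitating the flagged pattern (hypothetical, not scripts/wespy_cli.py).
UNPINNED_SCRIPT = '''
import subprocess, sys, importlib
REPO = "https://github.com/tianchangNorth/WeSpy.git"
subprocess.run(["git", "clone", REPO, "/tmp/wespy"], check=True)
sys.path.insert(0, "/tmp/wespy")
importlib.import_module("wespy.main").main()
'''

# Constructed sample that pins the clone to a reviewed commit (hypothetical commit id).
PINNED_SCRIPT = '''
import subprocess, sys
REPO = "https://github.com/tianchangNorth/WeSpy.git"
COMMIT = "0123456789abcdef0123456789abcdef01234567"
subprocess.run(["git", "clone", REPO, "/tmp/wespy"], check=True)
subprocess.run(["git", "-C", "/tmp/wespy", "checkout", COMMIT], check=True)
sys.path.insert(0, "/tmp/wespy")
from wespy.main import main
main()
'''


def _string_constants(tree):
    """Module-level NAME = "literal" assignments, so argv lists that use NAME resolve."""
    consts = {}
    for node in tree.body:
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    consts[target.id] = node.value.value
    return consts


def _is_shell_call(call):
    f = call.func
    return (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and ((f.value.id == "subprocess" and f.attr in SUBPROCESS_FUNCS)
                 or (f.value.id == "os" and f.attr == "system")))


def _argv(call, consts):
    """Recover the command line of a subprocess/os.system call as a list of strings."""
    if not call.args:
        return None
    first = call.args[0]
    if isinstance(first, (ast.List, ast.Tuple)):
        argv = []
        for elt in first.elts:
            if isinstance(elt, ast.Constant) and isinstance(elt.value, str):
                argv.append(elt.value)
            elif isinstance(elt, ast.Name) and elt.id in consts:
                argv.append(consts[elt.id])
            else:
                argv.append("<dynamic>")  # built at runtime, cannot be vetted statically
        return argv
    if isinstance(first, ast.Constant) and isinstance(first.value, str):
        return shlex.split(first.value)
    if isinstance(first, ast.Name) and first.id in consts:
        return shlex.split(consts[first.id])
    return None


def _edits_sys_path(call):
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr in {"insert", "append", "extend"}
            and isinstance(f.value, ast.Attribute) and f.value.attr == "path"
            and isinstance(f.value.value, ast.Name) and f.value.value.id == "sys")


def audit_skill_script(source):
    """Report what the script clones, whether the clone is pinned to a commit,
    and whether the cloned code is then made importable and imported."""
    tree = ast.parse(source)
    consts = _string_constants(tree)
    clone_urls, pinned_refs, sys_path_lines, import_lines = [], [], [], []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            import_lines.append(node.lineno)
        if not isinstance(node, ast.Call):
            continue
        if _edits_sys_path(node):
            sys_path_lines.append(node.lineno)
        f = node.func
        dynamic_import = ((isinstance(f, ast.Attribute) and f.attr == "import_module"
                           and isinstance(f.value, ast.Name) and f.value.id == "importlib")
                          or (isinstance(f, ast.Name) and f.id == "__import__"))
        if dynamic_import:
            import_lines.append(node.lineno)
        if _is_shell_call(node):
            argv = _argv(node, consts)
            if not argv or argv[0] != "git":
                continue
            if "clone" in argv[1:]:
                clone_urls.extend(a for a in argv if "://" in a or a.startswith("git@"))
            if any(SHA_RE.match(a) for a in argv[1:]) and any(a in PIN_VERBS for a in argv[1:]):
                pinned_refs.extend(a for a in argv[1:] if SHA_RE.match(a))
    # Fetched code counts as executed when the clone is put on sys.path and an import follows.
    executes = (bool(clone_urls) and bool(sys_path_lines)
                and any(line > min(sys_path_lines) for line in import_lines))
    if not clone_urls:
        severity = "INFO"
    elif executes and not pinned_refs:
        severity = "CRITICAL"  # mutable remote code runs in the agent's context
    elif executes:
        severity = "MEDIUM"    # fixed content, but still a runtime dependency
    else:
        severity = "LOW"
    return {"clone_urls": clone_urls, "pinned": bool(pinned_refs),
            "executes_fetched_code": executes, "severity": severity}


if __name__ == "__main__":
    for name, src in (("unpinned", UNPINNED_SCRIPT), ("pinned", PINNED_SCRIPT)):
        print(name, audit_skill_script(src))
```

Pinning to a commit id only narrows the finding from CRITICAL to MEDIUM in this ladder: the code is now a known, reviewable snapshot, but it is still third-party code fetched and executed at runtime. Vendoring a reviewed copy into the skill removes the runtime fetch entirely, which is the only outcome the checker reports as INFO.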
Audit Metadata