wechat-compliance-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires quoting the original article text and flagging/including referral codes and links, so any secrets (API keys, tokens, passwords) present in the user-supplied content would be reproduced verbatim in the output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says the assistant performs "快速审查" and "深度审查" when "用户提供文章链接或粘贴内容", meaning the skill ingests arbitrary/public WeChat article URLs or pasted user-generated content and uses that content to drive compliance decisions, so it clearly consumes untrusted third‑party content that can influence actions.