baoyu-post-to-wechat

Fail

Audited by Snyk on Mar 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to prompt the user for WECHAT_APP_ID and WECHAT_APP_SECRET and to write them into a .env file (embedding the secret values into generated output/commands), which requires handling and outputting secrets verbatim and is therefore high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and embeds remote, user-supplied content during conversion and publishing. For example, scripts/md-to-wechat.ts's downloadFile fetches HTTP/HTTPS image URLs, scripts/md/extensions/plantuml.ts fetches SVGs from plantuml.com, and scripts/md/extensions/infographic.ts executes markdown-provided infographic code. SKILL.md requires converting and pasting that HTML into WeChat via the browser flow (Steps 3 and 6), so untrusted third-party content is fetched and used in the agent's runtime workflow and could therefore influence automated browser/CDP actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 25, 2026, 03:07 PM
Issues: 2