wechat-daily-report
Fail
Audited by Snyk on Jun 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These are GitHub repositories (not simple CDN downloads) that clone/run a third‑party wechat‑decrypt tool, compile and execute native code, install dependencies and access local WeChat databases — legitimate on GitHub but risky if the authors/repositories are not trusted because the workflow executes code with elevated/local-data access and could be used to distribute malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Step 5/6 ingests
simplified_chat*.txtandstats.jsongenerated from decrypted WeChat message content (outsider-authored group chat text) into the agent’s LLM context forai_content.jsongeneration.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.95). High-confidence: setup_check.py, which the SKILL instructs to run with --ensure-decryptor, will git-clone the remote repository https://github.com/ylytdeng/wechat-decrypt at runtime and the project later executes that vendor code (via decrypt_wechat.py calling main.py / compiled scanner), meaning fetched remote code is required and executed.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata