wx-cli-wechat-local-data

Fail

Audited by Snyk on May 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Although the GitHub and WeChat domains themselves are legitimate, these URLs point to an unknown third‑party repo whose installer scripts are offered as raw .sh/.ps1 files. The skill explicitly tells users to pipe these scripts to shell/PowerShell and to run privileged initialization (memory scanning, sudo, codesign), which is a high‑risk pattern for distributing malware or credential/data‑exfiltration tools.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly reads user-generated third-party content from local WeChat (messages, moments, and public account articles) as part of its normal workflow (e.g., commands like "wx search", "wx sns-feed", and "wx biz-articles" in SKILL.md), so an agent consuming those JSON outputs could be influenced by untrusted external instructions embedded in that content.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs re-signing WeChat, resetting TCC permissions, running sudo wx init (and other admin/installer commands like curl|bash and PowerShell as Administrator), and scanning another app's memory — all actions that modify system/app state, require elevated privileges, or bypass platform security controls.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 16, 2026, 04:24 PM
Issues: 3