desktop

Fail

Audited by Snyk on Mar 28, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This toolkit is dual‑use but contains deliberate stealthy monitoring and automated messaging/file‑sending capabilities (silent WeChat window screenshots, trigger keyword detection writing atomic trigger files, background monitor, and scripts to paste/send local files) that enable covert data collection and exfiltration and can be used as a backdoor/remote trigger even though it makes no direct network calls itself.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly captures and OCRs live WeChat chat content (see wechat-monitor.sh and wechat-read.sh which screencapture the chat region and feed it to ocr.py), meaning untrusted, user-generated third‑party messages are read and used to trigger agent actions (e.g., writing /tmp/wechat-trigger), enabling indirect prompt injection.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 28, 2026, 09:16 PM
Issues: 2