baoyu-wechat-summary

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ingest raw group messages and preserve/quote message content verbatim in the generated digest (and to "preserve quotes" and "expand into full content"), so any secrets present in chat (API keys, tokens, passwords) would be reproduced by the LLM — creating a high exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly requires running external wx-cli commands with dangerouslyDisableSandbox: true (bypassing the sandbox) and directs users to run sudo chown / sudo init recovery steps (and suggests sudo as a fallback), which instructs disabling security protections and handling privileged files, so it pushes the agent toward compromising the host state.