wechat-2d-render

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a third‑party GitHub repository (not a well‑known official source) that contains shell scripts and Node dependency installs which, if cloned and executed, can run arbitrary code—there are no direct .exe/.msi downloads or URL shorteners, so it's moderately risky but not an immediate obvious malware host.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow and script explicitly clone/update and run code from the public GitHub repo (REPO_URL default https://github.com/sxhzju/wechat-2d.git) and load a props JSON from that repo, so untrusted repository/user-generated content is fetched and executed/read and can influence outputs the agent uses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill clones/updates and then runs code from the remote repository https://github.com/sxhzju/wechat-2d.git at runtime (git clone/pull, pnpm install, and pnpm run remotion:render), so fetched content is executed locally and can control behavior.