wecomcli-doc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and API references explicitly instruct the agent to fetch and read Markdown content from user-supplied doc URLs or docids (e.g., get_doc_content for https://doc.weixin.qq.com/doc/* and smartpage_export_task/smartpage_get_export_result for https://doc.weixin.qq.com/smartpage/*), meaning arbitrary third-party/user-authored document content is ingested and used to guide editing and next actions, which could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly accepts and fetches document content at runtime from https://doc.weixin.qq.com/* (e.g., /doc/* and /smartpage/*) via get_doc_content and smartpage_export_task/smartpage_get_export_result and returns the fetched Markdown content which can be injected into the agent context and thus influence prompts/responses.