baoyu-post-to-wechat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to prompt for WeChat AppID/AppSecret and write them directly into .env (and may echo them into commands/files), which requires the LLM to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's browser publishing workflow (Step 4 in SKILL.md and the references/article-posting.md examples) explicitly launches Chrome and automates the WeChat Official Account editor (mp.weixin.qq.com) via CDP to read DOM content (placeholders, editor text) and perform paste/replace actions, and the md-to-wechat/resolveContentImages flow can fetch external image URLs, so it clearly consumes untrusted third-party web content that can influence subsequent tool actions.