baoyu-post-to-wechat
Warn
Audited by Snyk on May 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required browser workflow (SKILL.md Step 4 and scripts/wechat-agent-browser.ts) explicitly opens and snapshots the public WeChat site (https://mp.weixin.qq.com) and parses DOM/text to decide clicks/fills, and the API flow (scripts/wechat-api.ts loadUploadAsset) fetches arbitrary http(s) image URLs — i.e., untrusted third‑party web content is ingested and can change navigation/actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata