wewrite-wechat-ai-publishing
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones its primary codebase and supporting assets from a GitHub repository (github.com/oaker-io/wewrite.git). This is a standard installation procedure for this tool suite.
- [COMMAND_EXECUTION]: The skill executes a series of Python scripts located in the scripts/ and toolkit/ directories via subprocess.run to perform various pipeline tasks, such as fetching hotspots, generating images, and publishing drafts.
- [CREDENTIALS_UNSAFE]: The skill requires several sensitive credentials (WeChat AppID/Secret and AI provider API keys). It follows safe practices by instructing users to utilize environment variables or a separate configuration file rather than hardcoding secrets directly into the skill code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external trending topics (Weibo, Baidu, Toutiao) via scripts/fetch_hotspots.py which is then processed by the agent to create articles.
  - Ingestion points: scripts/fetch_hotspots.py (fetches real-time trending topics from Weibo, Toutiao, and Baidu).
  - Boundary markers: No explicit instruction delimiters or boundary markers are defined in the SKILL.md for the scraped content.
  - Capability inventory: subprocess.run (script execution), toolkit/publisher.py (WeChat API interaction), and file system writes to output/.
  - Sanitization: No explicit sanitization or validation of the scraped hotspot data is described before it is provided to the agent context.
Audit Metadata