wechat-draft-publisher

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (LOW): The skill instructs users to store sensitive WeChat credentials (AppID and AppSecret) in a local JSON configuration file (~/.wechat-publisher/config.json). While common for developer tools, this represents local exposure of API secrets.
  • [PROMPT_INJECTION] (LOW): The skill parses untrusted HTML files to automatically extract titles and other metadata, creating a surface for indirect prompt injection. Evidence Chain:
      1. Ingestion points: HTML files (SKILL.md).
      2. Boundary markers: None present.
      3. Capability inventory: Execution of local Python and Shell scripts (SKILL.md).
      4. Sanitization: Mentions automatic optimization and field truncation, but not robust safety filtering.
  • [COMMAND_EXECUTION] (SAFE): The execution of local scripts (publisher.py, install.sh) is a core part of the tool's intended functionality and is aligned with its stated purpose of automating publication workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 09:30 AM