wechat-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill is designed for "message extraction" (消息提取) and "monitoring" (监听/监控) of private communications in WeChat. This creates a high risk of sensitive data exposure and potential exfiltration of personal or corporate chat history.
- Indirect Prompt Injection (HIGH): As a tool designed to ingest untrusted external data (chat messages), it presents a critical Category 8 attack surface. Maliciously crafted messages sent to the user could be interpreted as instructions by the agent once extracted, leading to unauthorized actions. Evidence Chain: Untrusted messages enter via wechat_monitor; no boundary markers or sanitization are defined; the skill possesses input_writer and UI control capabilities.
- Privilege Escalation (HIGH): The skill mentions using the Accessibility API on macOS. This is a high-privilege permission that allows an application to observe and interact with other software, frequently abused for keylogging, screen scraping, and bypassing security prompts.
- Command Execution (MEDIUM): Through "UI Automation" and "input box control," the skill allows the agent to simulate user input. While intended for WeChat, these capabilities can often be redirected to execute commands or manipulate other system elements.
Recommendations
- AI detected serious security threats
Audit Metadata