agent-wechatbot

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a custom CLI tool (agent-wechatbot) through shell commands to interact with the WeChat API. This includes operations for authentication, sending various message types (text, image, news), and retrieving account metadata. All commands are scoped within the provided templates and documentation.
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent-messenger package from the npm registry. The documentation includes specific warnings to prevent the installation of typosquatted packages by clarifying that the binary name differs from the package name, demonstrating good security practice.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, as it ingests untrusted data from the WeChat API (such as follower names or template content) which is then stored in the agent's memory file.
    • Ingestion points: Data retrieved via the user list, user get, and template list commands in SKILL.md.
    • Boundary markers: The instructions do not define specific delimiters for separating API-provided data from agent instructions.
    • Capability inventory: The agent can execute shell commands via the agent-wechatbot tool and read/write local configuration and memory files, as described in SKILL.md and the scripts in the templates/ directory.
    • Sanitization: No explicit sanitization or filtering of remote data is mentioned before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 02:08 AM