wechat-sticker-maker
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill utilizes a shell script to automate its execution environment setup.
  - Evidence: `run.sh` contains commands to create a virtual environment and execute `pip install -q -r requirements.txt`.
  - Risk: This pattern involves installing third-party code from external registries without integrity verification (e.g., hash checking), which is a common vector for supply chain attacks.
- Data Exposure & Exfiltration (MEDIUM): The skill includes functionality that triggers network connections to non-whitelisted domains.
  - Evidence: The `rembg` library, used in `make_stickers.py`, automatically downloads AI model files (such as U2-Net) from external repositories upon first invocation.
  - Risk: Automated downloads of binary content at runtime bypass static security filters and can be exploited if the download source is compromised.
- Indirect Prompt Injection (LOW): The skill acts as an ingestion point for untrusted external data.
  - Evidence: `make_stickers.py` opens and processes image files provided as command-line arguments.
  - Risk: While the current logic is limited to image manipulation and template text generation, processing unvalidated external content represents a surface for potential injection if the agent is later directed to interpret the output or metadata from these files.
Audit Metadata