wechat-article-publisher
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructions direct the agent to execute `cat .env | grep WECHAT_API_KEY`. This action reads sensitive credentials from a file and places them directly into the agent's conversation context, increasing the risk of credential leakage through logs or subsequent prompt injections.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the execution of local scripts (`wechat_api.py` and `parse_markdown.py`) located in `~/.claude/skills/wechat-article-publisher/scripts/`. The source code for these scripts was not provided, making their behavior unverifiable.
- [DATA_EXFILTRATION] (LOW): The skill is designed to send article content and authentication tokens to `https://wx.limyai.com`. While this is the primary function of the skill, the destination is a non-whitelisted third-party domain, posing a potential risk if the service is compromised.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted Markdown and HTML files provided by users.
  - Ingestion points: Path arguments passed to `wechat_api.py` (e.g., `/path/to/article.md`).
  - Boundary markers: None identified; user-provided file content is directly parsed.
  - Capability inventory: Subprocess execution of Python scripts and network POST requests to an external API.
  - Sanitization: No evidence of input sanitization or validation of the file content before processing.
Audit Metadata