wechat-send

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes osascript (AppleScript) and subprocess to control the WeChat desktop application and manage system functionalities like screenshots and the clipboard. These operations are implemented safely by passing command arguments as lists and avoiding the use of shell=True, which effectively prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill accepts user-provided contact names and messages, which represents a potential indirect prompt injection surface.
      • Ingestion points: contact and message arguments processed in scripts/wechat_auto.py.
      • Boundary markers: No explicit delimiters or boundary markers are used to encapsulate user content.
      • Capability inventory: Access to system-level UI automation via osascript, clipboard manipulation via pbcopy, and local screen capturing via screencapture.
      • Sanitization: The skill mitigates risks by piping user-provided text directly into pbcopy via standard input and using keyboard shortcuts (Command+V) for pasting. This ensures that the message content is treated strictly as data and cannot interfere with the logic of the automation scripts or the underlying system tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 05:17 PM