baoyu-wechat-summary

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the shell to execute the wx binary (wx-cli) for fetching chat history, session information, and contact details. It also runs environment checks like ls and wc. All commands are documented as requiring explicit user permission or sandbox adjustments.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to manually install the @jackwener/wx-cli package via NPM. It explicitly forbids the agent from performing silent or piped installations of this dependency.
  • [DATA_EXPOSURE]: The skill is designed to read private WeChat message databases and user configurations from ~/Library/Containers/com.tencent.xinWeChat/ and ~/.wx-cli/. It includes specific instructions to handle this sensitive data with care, focusing on summarization and internal profile building without external exfiltration.
  • [PROMPT_INJECTION]: The skill processes untrusted content (WeChat messages) which represents an indirect prompt injection surface. However, it implements boundary markers including privacy guardrails, structured output formatting (e.g., using specific quote characters), and filtering of noise to mitigate the risk of embedded instructions influencing the agent's behavior.
  • [PRIVILEGE_ESCALATION]: The troubleshooting documentation provides sudo commands for the user to fix file ownership issues but strictly prohibits the agent from executing sudo on its own.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 03:33 AM