access
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection vector from untrusted WeChat channel messages. It proactively mitigates this by instructing the agent to refuse any access-related requests arriving via channel notifications, requiring the user to manually invoke the command in their terminal instead.
- [COMMAND_EXECUTION]: The skill uses restricted shell commands `mkdir` and `ls` to manage the directory structure in `~/.claude/channels/wechat/`. It writes empty files named after `senderId` values to track approved users. While these IDs are externally sourced, the skill's operational scope is limited to the agent's local configuration directory.
- [DATA_EXFILTRATION]: The skill reads and writes configuration state to `~/.claude/channels/wechat/access.json`. This file contains sensitive access control information such as user IDs and pairing codes. The analysis found no evidence of network operations or instructions to transmit this data to external servers.
Audit Metadata