wechat-article
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill requests WeChat API credentials (AppID and AppSecret) from the user and stores them in a local JSON configuration file (
wechat-article.config.json). This is standard practice for tools requiring API access and does not involve hardcoding secrets. - [SAFE]: Network communication in
scripts/publish_draft.pyis directed exclusively to official WeChat API endpoints (api.weixin.qq.com) to upload media and create drafts. These are well-known service domains. - [SAFE]: A critical safety gate is included in the
SKILL.mdworkflow (Step 5), which forces the agent to present a preview of the article and cover image to the user and wait for an explicit "Confirm Publish" command before any data is sent to the WeChat API. - [SAFE]: The skill uses standard, reputable Python libraries (
Pillow,jinja2,playwright) for its image processing and template rendering tasks. All script executions (e.g., callingcreate_cover.pyfromcreate_cover_preview_grid.py) are internal to the skill's own package.
Audit Metadata