wechat-channel
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is configured with 'Bash', 'Read', 'Write', and 'Edit' tools. These capabilities allow the agent to perform system-level actions. Given that the skill's purpose is to process external messages, this represents a significant privilege level that must be carefully managed.\n- [EXTERNAL_DOWNLOADS] (LOW): The documentation instructs the user to install several npm packages: 'wechaty', 'wechaty-puppet-padlocal', 'axios', and 'dotenv'. While common in the WeChat bot ecosystem, 'wechaty-puppet-padlocal' is a third-party puppet service that is not on the trusted source list.\n- [PROMPT_INJECTION] (LOW): The skill possesses an Indirect Prompt Injection surface (Category 8).\n
- Ingestion points: External messages from WeChat users and groups are passed to the agent via 'scripts/wechat-bridge.js'.\n
- Boundary markers: The documentation mentions a mention requirement for group chats but lacks details on delimiters or 'ignore' instructions for the content itself.\n
- Capability inventory: The agent has full access to the 'Bash' tool and file system manipulation tools.\n
- Sanitization: No sanitization or validation logic is described for the incoming message payloads.
Audit Metadata