wechat-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the pyautogui library to control the host system by simulating mouse clicks, keyboard presses, and hotkey combinations to interact with the WeChat application.
- [COMMAND_EXECUTION]: The code explicitly disables the library's built-in failsafe in both server.py and auto_reply.py (pyautogui.FAILSAFE = False). With the failsafe on, moving the mouse to a screen corner raises an exception and aborts the automation; with it off, the user loses that out-of-band way to stop a runaway click-and-type sequence.
- [DATA_EXFILTRATION]: The skill captures screenshots of the WeChat interface, including private chat histories and contact lists, and writes them as image files (e.g., last_chat.png, contact_name.png, verify.png) into the skill's directory, so private conversation content persists on local disk outside the messaging application.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and acts on untrusted content: screenshots of messages written by arbitrary WeChat contacts.
  - Ingestion points: Screenshots of the WeChat chat area and contact names are captured in server.py and auto_reply.py.
  - Boundary markers: No delimiters or instructions are present to help the agent distinguish between application data and legitimate commands.
  - Capability inventory: Extensive GUI automation capabilities in server.py allow the agent to click, type, and send messages based on processed data.
  - Sanitization: There is no filtering or sanitization of the text content visually extracted from the WeChat UI.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external Python packages from the standard PyPI registry, including pyautogui, pygetwindow, and Pillow.
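The two code-level findings above (the FAILSAFE override and screenshots written to disk) are the kind of thing a reviewer can confirm mechanically before reading the whole skill. The following is an added example of such a check, not code from the wechat-mcp skill or from the audit tool: it parses a Python source file with the standard library's ast module and reports assignments that set pyautogui.FAILSAFE to anything other than True, and pyautogui.screenshot() calls that pass a filename (positionally or via the real imageFilename keyword). The embedded SAMPLE_SERVER_PY is a constructed stand-in for server.py, not the skill's actual source, and the function names are assumptions.

```python
"""Static audit for two pyautogui findings: FAILSAFE disabled, and
screenshots persisted to disk. Standard library only; runs offline."""
import ast
from typing import List, Set, Tuple

# Constructed sample standing in for the skill's server.py (assumption;
# not the project's real source).
SAMPLE_SERVER_PY = '''
import pyautogui
import pyautogui as pag

pyautogui.FAILSAFE = False          # disables the corner-abort
pag.PAUSE = 0.2

def snapshot(region):
    pyautogui.screenshot("last_chat.png", region=region)
    img = pag.screenshot()          # kept in memory only
    return img
'''

Finding = Tuple[int, str]  # (source line number, message)


def _pyautogui_aliases(tree: ast.Module) -> Set[str]:
    """Collect every local name bound to the pyautogui module
    (handles both `import pyautogui` and `import pyautogui as pag`)."""
    names: Set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "pyautogui":
                    names.add(alias.asname or "pyautogui")
    return names


def _is_module_attr(node: ast.AST, aliases: Set[str], attr: str) -> bool:
    """True if `node` is `<pyautogui alias>.<attr>`."""
    return (
        isinstance(node, ast.Attribute)
        and node.attr == attr
        and isinstance(node.value, ast.Name)
        and node.value.id in aliases
    )


def audit_source(src: str) -> List[Finding]:
    """Return findings for FAILSAFE overrides and on-disk screenshots."""
    tree = ast.parse(src)
    aliases = _pyautogui_aliases(tree)
    findings: List[Finding] = []
    for node in ast.walk(tree):
        # pyautogui.FAILSAFE = <anything but the literal True>
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if _is_module_attr(target, aliases, "FAILSAFE"):
                    val = node.value
                    if not (isinstance(val, ast.Constant) and val.value is True):
                        findings.append((node.lineno, "pyautogui.FAILSAFE disabled"))
        # pyautogui.screenshot("file.png") / screenshot(imageFilename="file.png")
        # writes the capture to disk; a bare screenshot() only returns an image.
        if isinstance(node, ast.Call) and _is_module_attr(node.func, aliases, "screenshot"):
            path = None
            if node.args and isinstance(node.args[0], ast.Constant):
                path = node.args[0].value
            for kw in node.keywords:
                if kw.arg == "imageFilename" and isinstance(kw.value, ast.Constant):
                    path = kw.value.value
            if path:
                findings.append((node.lineno, f"screenshot written to {path}"))
    return findings


if __name__ == "__main__":
    for lineno, msg in audit_source(SAMPLE_SERVER_PY):
        print(f"line {lineno}: {msg}")
```

Run against the sample it reports the FAILSAFE override on line 5 and the file-backed screenshot on line 9, while the in-memory screenshot on line 10 is not flagged. The check is deliberately conservative: a filename built at runtime (an f-string or variable) is not a Constant and will be missed, so a clean result narrows the manual review rather than replacing it.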
Audit Metadata