baoyu-post-to-wechat
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by reading external markdown files and command-line arguments to perform automated actions on a live social media account. 1. Ingestion points: markdown files (article.md) and CLI parameters (--title, --content). 2. Boundary markers: Absent; no delimiters are used to separate user data from instructions. 3. Capability inventory: Uses Chrome CDP for full browser automation and session-based posting. 4. Sanitization: None described; content is directly converted and posted.
- [Command Execution] (MEDIUM): The skill executes scripts using 'npx -y bun', which involves runtime execution of TypeScript files located in the skill's subdirectory.
Recommendations
- AI detected serious security threats
Audit Metadata