The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the user to execute various commands using the qwen CLI tool (e.g., qwen channel configure-weixin, qwen channel start). These commands are standard administrative operations for managing the assistant's communication channels.
[DATA_EXPOSURE]: The skill references a local configuration file ~/.qwen/channels/weixin/account.json which contains sensitive authentication tokens. The instructions correctly advise the user on how to retrieve a specific non-sensitive field (userId) and include explicit security warnings about protecting the file and not sharing its contents.
[PROMPT_INJECTION]: The skill allows users to define custom system instructions via the instructions field in the configuration. This is a standard feature for tailoring the assistant's persona for the channel and does not include any malicious override patterns.
[SAFE]: The skill demonstrates good security practices by recommending the use of an allowlist policy for WeChat users and warning against the risks of using an open policy. No malicious behavior, obfuscation, or unauthorized network operations were detected.

weixin-channel-setup