skills/solar-luna/fully-automatic-article-generation-skill/wechat-draft-publisher/Gen Agent Trust Hub
wechat-draft-publisher
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires users to store WeChat AppID and AppSecret in a local plaintext file (~/.wechat-publisher/config.json), creating a high-value target for local credential theft.
- [COMMAND_EXECUTION] (HIGH): The operation of the skill relies on the agent executing unreviewed local Python scripts (publisher.py) and shell scripts (install.sh), which could perform unauthorized actions on the host environment.
- [NO_CODE] (MEDIUM): The core implementation logic is contained in external files ('publisher.py' and the 'scripts/' directory) that were not provided for analysis, preventing a thorough security verification.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it processes untrusted HTML articles. 1. Ingestion points: article.html or formatted HTML files. 2. Boundary markers: Absent. 3. Capability inventory: Execution of local scripts and network requests to WeChat APIs. 4. Sanitization: No sanitization of the article content is documented.
- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing the 'requests' library via pip, which is a standard but external dependency.
Recommendations
- AI detected serious security threats
Audit Metadata