baoyu-post-to-wechat
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill identifies and reads WeChat developer credentials (WECHAT_APP_ID and WECHAT_APP_SECRET) from local `.env` files located in the project or user's home directory. This information is used exclusively to authenticate with official WeChat API endpoints (api.weixin.qq.com).
- [COMMAND_EXECUTION]: For cross-platform support, the skill invokes various system utilities such as `osascript` on macOS, `powershell.exe` on Windows, and `xdotool` or `ydotool` on Linux to simulate user interactions like pasting from the clipboard. Additionally, it dynamically generates and executes temporary Swift scripts on macOS to manage image data in the system clipboard.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads content from well-known services, including Highlight.js language definitions from an Alibaba Cloud (Aliyun) CDN and SVG diagrams from the official PlantUML server. All network communications related to article publishing target the official WeChat domain.
- [REMOTE_CODE_EXECUTION]: To support a wide range of code highlighting languages without bloating the package, the skill dynamically imports language definitions from a remote CDN at runtime using the `import()` function.
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied content from Markdown and HTML files. This ingestion surface is a known vector for indirect prompt injection; however, the skill performs standard HTML sanitization during rendering, and no evidence of adversarial behavior was found.