The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill utilizes the WeChat Developer Tools CLI (cli.bat on Windows, cli on macOS) to open projects. This is the primary intended function for project deployment and debugging.
[EXTERNAL_DOWNLOADS] (SAFE): Recommends downloading image assets from Icons8 (img.icons8.com). While not on the explicit trusted source list, it is a standard resource for UI development and used for static assets via the downloadRemoteFile tool.
[PROMPT_INJECTION] (LOW): The AI model invocation section (DeepSeek v3 integration) creates a vulnerability surface for indirect prompt injection by processing untrusted user data. \n- Ingestion points: The userInput variable in the AI model invocation JavaScript example. \n- Boundary markers: Absent; user input is passed directly into the messages array without delimiters or instructions to ignore embedded commands. \n- Capability inventory: The skill provides the ability to invoke external AI models (wx.cloud.extend.AI) and stream results back to the user. \n- Sanitization: No sanitization or validation of the userInput is implemented in the provided example code.

miniprogram-development