tentacle-post2wechat
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `main.ts` uses `spawnSync` to execute a local image compression tool at `.agents/skills/baoyu-compress-image/scripts/main.ts`.
- [EXTERNAL_DOWNLOADS]: The skill communicates with `https://api.tentacle.pro` to upload images and save drafts to WeChat. This domain belongs to the skill vendor and the communication is consistent with the stated purpose of the skill.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection due to the way it processes external data.
  - Ingestion points: The script reads and processes the full content of a user-provided HTML file (passed via CLI argument `args.input`).
  - Boundary markers: There are no explicit boundary markers or instructions to the model to ignore embedded commands within the input HTML.
  - Capability inventory: The skill can execute local scripts (`spawnSync`) and make network requests (`fetch`) to the vendor's API.
  - Sanitization: The HTML content is parsed using regular expressions for title and summary extraction but is not sanitized against embedded malicious instructions before being used in the workflow.
Audit Metadata