Skills
skills/th3ee9ine/wechat-claw-skill/wechat-mp-writer/Gen Agent Trust Hub

wechat-mp-writer

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_pipeline.py utilizes subprocess.run to execute external Python scripts for image generation and WeChat API interactions. This is a core feature of the pipeline orchestration.
  • [EXTERNAL_DOWNLOADS]: scripts/collect_sources.py uses urllib.request.urlopen to fetch content from URLs provided by the user to populate article data.
  • [DATA_EXPOSURE]: The skill includes functionality in scripts/collect_sources.py to read local files (e.g., markdown or text files) specified by the user for article content collection.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from untrusted external sources like web pages and local files. This creates an attack surface where malicious instructions embedded in the source material could potentially influence the agent's behavior during the JSON generation phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 11:53 AM