wechat-message

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local automation scripts using osascript on macOS and powershell with the Bypass execution policy on Windows. The Windows script compiles C# code at runtime via Add-Type to access Win32 APIs, and the macOS script invokes the cliclick utility. These operations require granting 'Accessibility' permissions on macOS, which allow the script to control the UI and simulate input.
  • [DATA_EXFILTRATION]: The scripts read from the system clipboard when arguments are missing. This behavior can lead to the unintended exposure of sensitive clipboard contents (e.g., passwords or private keys) by sending them to WeChat contacts.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted strings (contact names and messages) and using them in UI automation tasks without sanitization.
      • Ingestion points: Command-line arguments in wechat_automation_script.applescript and wechat_automation_script.ps1, as well as system clipboard input.
      • Boundary markers: Absent. No delimiters or warnings are used to prevent instructions within the data from influencing the agent's behavior or the messaging outcome.
      • Capability inventory: UI automation (keystroke simulation, mouse clicking), clipboard access, and application control across multiple scripts.
      • Sanitization: Absent. The skill does not validate or escape inputs before passing them to the clipboard or keyboard simulation functions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 19, 2026, 05:26 PM