wechat-message

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses osascript to execute AppleScript (scripts/wechat_automation_script.applescript), which leverages System Events to perform UI automation. This allows the script to simulate keystrokes, clicks, and window management within the WeChat application.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Malicious instructions embedded in data processed by the agent could be used to trigger this skill with attacker-controlled parameters.
    • Ingestion points: The argv array in wechat_automation_script.applescript receives the contact name and message content directly from the agent's environment.
    • Boundary markers: No delimiters or safety instructions are used to separate the user-provided content from the automation logic.
    • Capability inventory: The script can search for any contact, paste content, and send messages, providing a high-impact communication capability.
    • Sanitization: There is no validation or sanitization of the userName or messageText before they are placed on the system clipboard and pasted into the application.
  • [DATA_EXPOSURE]: The script explicitly modifies the system clipboard (set the clipboard to ...). This will overwrite any existing user data in the clipboard and could lead to accidental exposure if the agent or user pastes the content into an unintended location.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 11:17 AM