tuzi-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/wechat-agent-browser.ts is vulnerable to shell injection. It constructs command strings using unescaped user-provided article titles and content, then executes them via execSync. An attacker could exploit this to execute arbitrary shell commands on the host system.
  • [COMMAND_EXECUTION]: The script scripts/paste-from-clipboard.ts constructs AppleScript commands using the user-provided --app argument without sanitization. This allows for script injection that can control other applications or execute malicious code on macOS.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically imports and executes JavaScript language grammar files from a third-party CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) inside scripts/md/utils/languages.ts. This bypasses static analysis and poses a risk of remote code execution if the CDN or the upstream repository is compromised.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads remote images from any URL encountered within user-supplied markdown files (scripts/md-to-wechat.ts and scripts/wechat-api.ts). There is no domain whitelisting or validation of the downloaded content.
  • [PROMPT_INJECTION]: The skill processes untrusted markdown and HTML content provided by users or external URLs. It lacks explicit boundary markers or sanitization before rendering this content, creating a surface for indirect prompt injection that could influence the agent's behavior during the publication workflow.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 03:46 PM