baoyu-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Bun runtime installer from its official domain (bun.sh) and dynamic syntax highlighting modules from a third-party CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com).
  • [COMMAND_EXECUTION]: Employs system-level subprocesses to facilitate automation:
      • Executes osascript (macOS), xdotool (Linux), and powershell (Windows) to manage the system clipboard and simulate user keystrokes for content pasting.
      • Launches Google Chrome using the Chrome DevTools Protocol (CDP) to automate interaction with the WeChat Official Account web editor.
  • [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface due to the processing of untrusted markdown and HTML articles.
      • Ingestion points: scripts/wechat-article.ts and scripts/wechat-browser.ts read local file content provided by the user.
      • Boundaries: The instructions lack explicit delimiters or directives for the agent to ignore commands embedded within the processed article text.
      • Capabilities: The skill has access to sensitive API credentials and can perform authenticated network requests and browser automation.
      • Sanitization: No sanitization is performed on the input files beyond standard markdown rendering.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 5, 2026, 09:13 AM