baoyu-post-to-wechat
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill dynamically imports JavaScript modules from an external, non-whitelisted CDN at runtime.\n
- Evidence:
scripts/md/utils/languages.tsusesimport()to load highlight.js language definitions fromhttps://cdn-doocs.oss-cn-shenzhen.aliyuncs.com. Loading executable code from unverified third-party storage poses a risk of supply chain attacks.\n- COMMAND_EXECUTION (MEDIUM): The skill uses system-level tools to automate user interface actions and run sub-processes.\n - Evidence:
scripts/paste-from-clipboard.tsspawnsosascript(macOS),powershell.exe(Windows), andxdotool/ydotool(Linux) to send keystrokes to the operating system.\n - Evidence:
scripts/md-to-wechat.tsusesspawnSyncto executenpx -y bunon local script paths.\n- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads external resources based on content found in user-provided files, which could be exploited for SSRF-like behavior.\n - Evidence:
scripts/md-to-wechat.tscontains adownloadFilefunction that fetches images from arbitrary URLs specified in Markdown files to a temporary directory.\n - Evidence:
scripts/md/extensions/plantuml.tsandinfographic.tsfetch content from external rendering services (www.plantuml.com) and dynamic libraries.\n- DATA_EXFILTRATION (LOW): The skill checks for configuration files in sensitive user directories ($HOME/.baoyu-skills/), which is a common target for credential harvesting, although only preference loading was observed.
Audit Metadata