wechat-cell-writer
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages WeChat API credentials, including AppID and AppSecret, by retrieving them from a local configuration file at ~/.baoyu-skills/.env.
- [COMMAND_EXECUTION]: A central workflow runner (run-workflow.js) orchestrates the execution of multiple local shell scripts and TypeScript files for article initialization, content validation, and final sanitization.
- [REMOTE_CODE_EXECUTION]: The skill employs the Playwright library (screenshot-paper.ts) to automate a headless browser for navigating to external academic websites (e.g., PubMed, Nature) to capture document screenshots for article citations.
- [EXTERNAL_DOWNLOADS]: As part of its setup and execution, the skill triggers the download of the Chromium browser binary via the Playwright framework.
- [PROMPT_INJECTION]: The skill retrieves and processes untrusted data from external scientific sources and news media during its research phase.
- Ingestion points: External content is aggregated into research.md during the retrieval step.
- Boundary markers: Structured article templates and frontmatter are used to delimit generated content.
- Capability inventory: The skill can perform shell execution, local Python processing, and browser automation.
- Sanitization: The workflow includes mandatory sanitization (sanitize-article.sh) to strip URLs and compliance checks (validate-article.sh) to identify and flag prohibited terminology or exaggerated medical claims before publication.
Audit Metadata