baoyu-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill dynamically downloads and executes JavaScript from an untrusted remote CDN, which could allow for arbitrary code execution if the CDN is compromised.
    • Evidence: In scripts/md/utils/languages.ts, the loadAndRegisterLanguage function uses the import() function to load code from https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com/npm/highlightjs/....
  • [DATA_EXFILTRATION] (HIGH): The skill can be coerced into reading and exposing sensitive local files by processing them as markdown image attachments.
    • Evidence: In scripts/md-to-wechat.ts, the resolveImagePath function resolves absolute local file paths provided in the markdown source. These files are then read and prepared for publication (pasted via the clipboard) in the WeChat editor.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes platform-specific shell commands to control the host system and simulate user keystrokes.
    • Evidence: scripts/paste-from-clipboard.ts executes osascript (macOS), powershell.exe (Windows), and xdotool (Linux). scripts/md-to-wechat.ts executes npx -y bun to run rendering scripts.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill automatically fetches remote image assets found in markdown content.
    • Evidence: scripts/md-to-wechat.ts uses a downloadFile function to fetch content from arbitrary URLs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 05:13 AM