youmind-wechat-article
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill's instructions direct the agent to publish to the WeChat draft box automatically and never ask the user ("Always publish to drafts. Do NOT ask"), overriding the agent's normal confirmation behaviour. This removes user oversight of an operation that is performed with the WeChat API credentials.
- [COMMAND_EXECUTION]: The toolkit runs local Node.js and Python scripts for data fetching and processing, and uses `execSync` to invoke external system commands such as the Mermaid CLI (`mmdc`). Because `execSync` passes its command string through a shell, any user- or content-controlled value interpolated into that string (for example a diagram file name) is a command injection surface unless it is strictly validated.
- [REMOTE_CODE_EXECUTION]: The README and operational guides recommend retrieving the public IP address with a `curl` command piped to `python3`. The referenced service (httpbin.org) is well known, but piping downloaded content into an interpreter is a high-risk pattern: if the fetched body is handed to `python3` as source, anything that redirects or tampers with the download (a compromised DNS answer, a proxy, a typo in the URL) runs with the user's privileges; if the body is only read from standard input as JSON, the exposure is limited to how that data is parsed and trusted. The guides do not make clear which form is used.
- [EXTERNAL_DOWNLOADS]: Setup instructions require installing several dependencies from the NPM and PyPI registries, introducing standard supply chain risks.
- [DYNAMIC_EXECUTION]: The codebase loads modules dynamically, via Python's `__import__` function and Node.js `import()` expressions, to handle logging and optional dependencies.
Recommendations
- HIGH: Pipes content downloaded from https://httpbin.org/ip into a local `python3` interpreter (see REMOTE_CODE_EXECUTION above). DO NOT USE without thorough review.
Audit Metadata