The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The scripts/publish.py script prompts users for sensitive WeChat API credentials and stores them in a local plain-text JSON file.
Evidence: The script defines CONFIG_FILE = SCRIPT_DIR / ".wechat_config.json" and uses the save_config function to write appid and appsecret directly to this file.
[CREDENTIALS_UNSAFE]: The script caches the WeChat access_token in a local file, which could be accessed by other malicious scripts or agents in the same environment.
Evidence: TOKEN_CACHE_FILE = SCRIPT_DIR / ".wechat_token.json" is used to store temporary authentication tokens.
[EXTERNAL_DOWNLOADS]: The skill performs network operations to interact with WeChat's official services. These are well-known services and the actions are documented neutrally.
Evidence: The script fetches tokens and uploads content to api.weixin.qq.com using the requests library.
[COMMAND_EXECUTION]: The skill relies on executing local Python scripts that perform file system reads/writes and network communication.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the Markdown files it processes.
Ingestion points: Reads user-provided Markdown files in convert.py and publish.py using read_text().
Boundary markers: Absent; there are no specific markers used to distinguish between content and instructions within the processed files.
Capability inventory: The skill can write files to the local disk and perform network POST requests to the WeChat API.
Sanitization: While it uses BeautifulSoup and standard markdown libraries for structural conversion, it does not explicitly sanitize the input for platform-specific injection payloads.

md-to-wechat