aws-wechat-article-publish
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads WeChat API credentials (AppID and AppSecret) from a local aws.env file. These credentials are transmitted to official WeChat API endpoints (api.weixin.qq.com) to authenticate and perform publishing tasks. This behavior is documented and is essential for the skill's primary function as an automation tool.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (publish.py, getdraft.py, article_init.py) using python3 to manage article preparation and API interactions. These scripts are part of the skill's own package.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of standard, well-known libraries (PyYAML, Pillow) from official package registries to support article processing.
- [PROMPT_INJECTION]: The skill processes content from article files (article.html and article.yaml) which constitutes an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the workflow from the article.html and article.yaml files within the article directory.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore instructions embedded within the processed article content.
  - Capability inventory: The skill has the capability to perform network operations (API calls), write to files (updating status in article.yaml), and execute shell commands.
  - Sanitization: No explicit sanitization or filtering of the HTML or YAML content is performed before it is uploaded or processed by the scripts.
Audit Metadata