wechat-article
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto call its internal Python scripts for cover generation and publishing. It also utilizes thecurlcommand-line tool specifically for uploading image assets to the WeChat API. These calls are implemented using list-based argument passing, which is a secure practice to prevent shell command injection. - [CREDENTIALS_UNSAFE]: The skill requires WeChat
appidandappsecretfor functionality. It instructs the agent to solicit these from the user and store them in a local configuration file (wechat-article.config.json). These credentials are only used to communicate with the official WeChat API domain (api.weixin.qq.com). - [PROMPT_INJECTION]: A robust security gate is implemented in the workflow requiring the user to explicitly type "确认发布" (confirm publish) after reviewing the article and cover preview. This prevents the agent from autonomously publishing content without direct human approval.
Audit Metadata