wxmini-security-audit
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download a binary executable (`unveilr.exe`) from a non-trusted third-party GitHub repository (github.com/nicholaschan23/unveilr).
- [REMOTE_CODE_EXECUTION]: The framework directs the user to fetch and run external code and binaries from untrusted sources, which could lead to arbitrary code execution if the source is compromised or malicious.
- [COMMAND_EXECUTION]: The skill's architecture (Phase 1) is designed to execute the `unveilr.exe` binary locally to decompile WeChat mini-program files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and analyzes untrusted code from external mini-programs. The agent roles (e.g., SecretScanner, VulnAnalyzer) lack boundary markers or instructions to disregard malicious commands embedded within the analyzed files.
- Ingestion points: Reads all `.js`, `.json`, and `.xml` files from the target mini-program directory.
- Boundary markers: Absent. The agents process raw extraction results without explicit delimiters or safety instructions to ignore content acting as instructions.
- Capability inventory: The skill can execute local Python scripts and an external binary (`unveilr.exe`), and writes numerous report files to the local system.
- Sanitization: None detected. Content is extracted via regex and passed directly to LLM agents for analysis.
Recommendations
- AI detected serious security threats
Audit Metadata