wechat-auto-reply
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes messages from an external WeChat channel. An attacker could embed instructions within a message to manipulate the agent's behavior.\n
- Ingestion points: WeChat channel messages identified by the '← wechat-channel:' prefix in SKILL.md.\n
- Boundary markers: Not present. The skill does not instruct the agent to treat external messages as untrusted data or use delimiters.\n
- Capability inventory: The skill utilizes the 'reply' tool to interact with users.\n
- Sanitization: No sanitization or validation of external input is described or required by the instructions.\n- [NO_CODE]: The skill consists entirely of configuration and instructions; no scripts, executables, or binaries are included.
Audit Metadata