Skills
skills/buda-ai/buda-marketplace/wechat-publish-pipeline/Socket

wechat-publish-pipeline

Warn

Audited by Socket on Apr 8, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

The skill is purpose-aligned as a WeChat publishing pipeline, but it is still high risk because it autonomously researches, creates, and publishes content without user confirmation. The main concerns are autonomous posting, transitive trust in other local skills, and prompt-injection exposure from untrusted web sources; this looks suspicious/over-permissive rather than clearly malicious.

Confidence: 85%Severity: 76%
Audit Metadata
Analyzed At
Apr 8, 2026, 11:24 AM
Package URL
pkg:socket/skills-sh/buda-ai%2Fbuda-marketplace%2Fwechat-publish-pipeline%2F@d0a323f58b7dc3ae644b5f3b59a6ca13ef682a8f