WeChat Publish Pipeline

SUSPICIOUS/HIGH-RISK skill. Its stated purpose matches the broad publishing workflow, but it explicitly enables autonomous external-account actions without user confirmation and combines untrusted web ingestion with file writes and command execution. The main concern is unsafe autonomy and prompt-injection exposure, with additional medium supply-chain uncertainty around the helper scripts.