skills/cluic/wxauto-skill/wxauto-dev/Gen Agent Trust Hub

wxauto-dev

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes python3 -m py_compile to perform a syntax check on the generated wxbot.py file to ensure the code is valid before presentation to the user.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the wxautox4 third-party library and the python-dotenv package via pip. It also references external services for library activation and registration at https://dusapi.com and https://wxauto.org.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and act upon untrusted message data from WeChat.
      • Ingestion points: Untrusted data enters the agent context through WeChat message objects, specifically msg.content, within the on_message and on_new_message callbacks in wxbot.py.
      • Boundary markers: The provided templates do not include boundary markers, delimiters, or system instructions to ignore embedded commands within the processed messages.
      • Capability inventory: The generated scripts have the capability to perform various actions on the WeChat account, including SendMsg, PublishMoment, Comment, and AtAll within wxbot.py.
      • Sanitization: No sanitization, escaping, or validation of the external message content is implemented in the templates before the data is used to trigger responses or actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 02:08 PM