post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Instructions guide the user to install the Bun runtime by piping an installer script from the well-known service bun.sh directly into the shell.
  • [COMMAND_EXECUTION]: The skill executes various local TypeScript scripts (wechat-api.ts, wechat-article.ts, etc.) using the Bun runtime to automate WeChat publishing tasks. It also uses shell utilities for file system management and environment checks.
  • [EXTERNAL_DOWNLOADS]: References the official Bun installer and suggests a third-party markdown conversion skill hosted on GitHub as a dependency.
  • [PROMPT_INJECTION]: The skill processes untrusted markdown and HTML content, creating an indirect prompt injection vulnerability surface.
      • Ingestion points: Processes external markdown files, HTML files, and plain text provided as input in Step 1.
      • Boundary markers: The instructions do not define delimiters or provide warnings to ensure the agent ignores instructions embedded within the processed files.
      • Capability inventory: Includes subprocess execution (via bun), file system write access, and network communication with the WeChat API (api.weixin.qq.com).
      • Sanitization: No explicit sanitization or content validation is performed before the data is converted or uploaded.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 16, 2026, 11:10 AM