The Agent Skills Directory

[SAFE]: The skill is designed for WeChat article management and interacts only with local services (localhost:4000) and the official WeChat platform (mp.weixin.qq.com). No unauthorized data exfiltration or malicious patterns were detected.\n- [DATA_EXPOSURE]: The script scripts/capture-comment-url.sh prints a session token to the terminal's standard error stream. This is intended for user verification of the login state but technically exposes a temporary credential in local logs.\n- [PROMPT_INJECTION]: The skill ingests untrusted text from web comments. To mitigate indirect prompt injection, it uses structured data formats (JSON), strips HTML tags from summaries, and escapes HTML content before rendering the final footer.

wjs-picking-comments