publish-zsxq-article
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (
cat,ls) and a Python script to manage local files (reading Markdown, checking image sizes). These are standard operations for the skill's stated purpose of publishing local content. - [REMOTE_CODE_EXECUTION]: The skill uses
evaluate_script(Chrome DevTools) orbrowser_console_exec(Playwright) to interact with the Zsxq website. This is used solely to simulate a 'paste' event in the Milkdown editor to ensure proper Markdown rendering, which is a legitimate technical requirement of the platform's editor. - [SAFE]: All network operations are directed to the official Zsxq domain (
wx.zsxq.com) for article publishing. There is no evidence of data exfiltration or unauthorized access. The skill explicitly instructs the agent to save as a draft and never auto-publish, maintaining user control.
Audit Metadata