Skills
skills/tencentcloudbase/mp-skills/wxa-create-ai-miniprogram/Gen Agent Trust Hub

wxa-create-ai-miniprogram

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches project templates and modular functional components from the vendor's official GitHub repository (TencentCloudBase/awesome-miniprogram-skills) using the mp-skills CLI tool.
  • [COMMAND_EXECUTION]: Orchestrates project setup using the mp-skills CLI for tasks such as initialization (new), configuration (setup), and package management (add). It also includes commands to open the project in the official WeChat Developer Tools.
  • [DATA_EXFILTRATION]: Includes strong boundary rules that prevent the agent from requesting or handling sensitive user data such as appid or cloud environment ID. It explicitly defines these as user responsibilities within the official platform consoles.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests user requirements to select functional modules, it limits the scope of installation to the vendor's controlled repository, mitigating the risk of executing unauthorized or malicious third-party code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 09:11 AM
Security Audit — agent-trust-hub — wxa-create-ai-miniprogram