create-ex

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to ingest and process highly sensitive personal data, including WeChat and QQ chat histories and photos with GPS location metadata. This constitutes significant exposure of private communications and location history.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute local Python parsers and perform file system management tasks, such as creating directories and deleting generated content using 'rm -rf'.
  • [PROMPT_INJECTION]: Vulnerable to Indirect Prompt Injection. Raw chat logs and user descriptions are ingested and written directly into the SKILL.md of the generated agent without sanitization or protective boundary markers (e.g., 'ignore embedded instructions').
      1. Ingestion points: wechat_parser.py, qq_parser.py, social_parser.py, and user prompts.
      2. Boundary markers: Absent.
      3. Capability inventory: The skill uses Bash, Read, Write, and Edit tools to process sensitive files.
      4. Sanitization: Absent; ingested text is used in its raw form.
  • [EXTERNAL_DOWNLOADS]: Documentation references several third-party repositories for WeChat/QQ data extraction (WeChatMsg, PyWxDump, Liuhen). While not automatically downloaded by the skill, they are primary dependencies for the user's data processing workflow.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 3, 2026, 04:31 AM