wechat-devtools
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to install the
wechat-devtools-mcppackage usinguvand executes commands to manage the WeChat IDE lifecycle and internal CLI. - [REMOTE_CODE_EXECUTION]: The
wechat_automatortool'sevaluateaction enables the execution of arbitrary JavaScript code within the WeChat simulator's logic layer, which is a core function for runtime debugging and interaction. - [DATA_EXFILTRATION]: Through the
wechat_filetool'sread_fileaction, the agent can read any single file on the local system. While necessary for accessing project source code, this capability could be exploited to read sensitive configuration files if the agent's path input is maliciously controlled. - [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting and processing untrusted data from the WeChat development environment.
- Ingestion points: The skill reads console logs via
wechat_inspector, current page data viawechat_automator, and source code viawechat_file. - Boundary markers: There are no specified boundary markers or instructions to isolate external data from the agent's system prompts.
- Capability inventory: The skill possesses the ability to execute shell commands, perform JavaScript evaluation, and read files from the local file system.
- Sanitization: The documentation does not describe any sanitization, filtering, or validation processes for the data retrieved from the WeChat environment before it is provided to the agent.
Audit Metadata