miniprogram-ci
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell command templates, such as `ls <编译产物目录>/project.config.json`, which interpolate user-provided directory paths. This creates a potential surface for command injection if the input is not sanitized by the agent using the skill.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `miniprogram-ci` package from the official registry. This is the standard library for WeChat mini-program CI/CD automation.
- [DATA_EXFILTRATION]: The generated scripts handle sensitive WeChat private keys (`private.*.key`) required for authentication. The skill correctly identifies these as sensitive and includes mandatory safety warnings to prevent them from being committed to version control, recommending CI/CD secrets instead.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface because it processes untrusted user-supplied project metadata which is then used in file system and network operations.
  - Ingestion points: Variable inputs such as `MP_PROJECT_PATH`, `MP_APPID`, and `MP_ROBOT` defined in `SKILL.md`.
  - Boundary markers: No boundary markers or 'ignore' instructions are present in the provided bash templates.
  - Capability inventory: File system commands (`ls`), Node.js file operations (`fs.mkdirSync`, `fs.writeFileSync`), and network requests through the `miniprogram-ci` library.
  - Sanitization: The documentation does not provide sanitization or validation logic for user-provided strings before they are interpolated into the setup scripts.
Audit Metadata