baoyu-post-to-wechat

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file scripts/vendor/baoyu-md/src/utils/languages.ts performs dynamic import() of JavaScript modules from an external CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) based on the language of code blocks in processed markdown.
  • [COMMAND_EXECUTION]: The scripts scripts/copy-to-clipboard.ts and scripts/paste-from-clipboard.ts generate temporary Swift and AppleScript source files at runtime and execute them to facilitate cross-platform clipboard interactions.
  • [COMMAND_EXECUTION]: Browser automation logic in scripts/wechat-article.ts and scripts/wechat-browser.ts utilizes the Chrome DevTools Protocol (CDP) Runtime.evaluate command to execute arbitrary JavaScript strings within the browser context.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads image files from arbitrary remote URLs found within user-supplied markdown files during the conversion process in scripts/vendor/baoyu-md/src/images.ts.
  • [COMMAND_EXECUTION]: The skill uses spawnSync to execute various system commands including osascript, swift, powershell, and npx to perform environment checks and operational tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 10:59 AM