wechat-styler

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Potential command injection in scripts/convert.mjs. The script uses exec to run the open command on the outputPath variable, which can be controlled by a user via the --output flag or the input filename. Because the input is not sanitized or shell-escaped, an attacker could provide a path containing shell metacharacters to execute arbitrary commands.
  • [COMMAND_EXECUTION]: Potential command injection in scripts/generate-preview.mjs. This script uses execSync to execute the conversion script, interpolating articlePath and themeName directly into the shell command string. Maliciously crafted file paths or theme names could lead to code execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: scripts/convert.mjs (reads content from user-provided Markdown files).
      • Boundary markers: None present. The Markdown content is parsed and converted without isolation markers to distinguish instructions from data.
      • Capability inventory: The skill can execute shell commands (exec) and write files to the local system.
      • Sanitization: While HTML is escaped for the output, there is no validation of the Markdown content to prevent embedded instructions from being interpreted by the agent during processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 04:00 AM