Skills
skills/zjp1997720/writing-clone-starter/wechat-styler/Gen Agent Trust Hub

wechat-styler

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/convert.mjs is vulnerable to shell command injection. It uses child_process.exec to automatically open the generated HTML file in a browser. The outputPath variable, which is derived from user-supplied input, is interpolated directly into the command string without adequate sanitization or escaping. This allows an attacker to execute arbitrary commands by including shell metacharacters such as semicolons, backticks, or command substitution sequences in the file path.
  • Evidence: exec(open "${outputPath}", (err) => { ... }) in scripts/convert.mjs.
  • [COMMAND_EXECUTION]: The script scripts/generate-preview.mjs is also vulnerable to command injection. It uses child_process.execSync to invoke the conversion script, passing the articlePath variable (sourced from user arguments) directly into the shell command template.
  • Evidence: execSync(node "${convertScript}" "${articlePath}" --theme ${themeName} --output "${outputPath}", { stdio: 'pipe' }) in scripts/generate-preview.mjs.
  • [COMMAND_EXECUTION]: Mitigation: The skill should avoid using child_process.exec or execSync with strings. Instead, it should use child_process.spawn or child_process.execFile, which take arguments as an array and do not invoke a shell, thereby preventing injection attacks. Additionally, all user-provided inputs used in file system operations should be strictly validated and sanitized.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 11, 2026, 01:58 PM
Security Audit — agent-trust-hub — wechat-styler