Vague Triggers
Medium
- Confidence
- 92% confidence
- Finding
- The skill advertises very broad activation triggers such as general WeChat publishing, account configuration, hot topics, and operations keywords, which can cause it to activate during ordinary discussion rather than a clear user request to publish or manage a public account. In this context, overbroad invocation is risky because the skill can access stored公众号 credentials and perform sensitive actions like generating and publishing content, increasing the chance of unintended execution or privilege misuse.
