WeChat Article Writer

The skill exhibits numerous high-risk capabilities, including extensive file system access (reading credentials from `~/.wechat-article-writer/secrets.json`), broad network access to external APIs (WeChat, Z.AI/OpenRouter) and arbitrary URLs (via `web_search`, `web_fetch`, `curl`), and browser automation with HTML/JS injection. The `writing_prompt_injection` field in `references/default-voice-profile.json` and `references/voice-profile-schema.json`, along with the direct insertion of `VOICE PROFILE` into `references/writer-prompt.md`, creates explicit prompt injection vectors. While these capabilities are plausibly necessary for the stated purpose of an article publishing pipeline, their power and the presence of direct prompt injection opportunities make the skill highly susceptible to abuse if untrusted input is processed or if a malicious `voice-profile.json` is loaded. There is no clear evidence of intentional malicious behavior, but the potential for exploitation is significant.