
Security audit

发表微信公众号文章_无限 (Publish WeChat Official Account article_unlimited)

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill matches its stated WeChat publishing purpose, but its instructions drive the agent to publish publicly from a logged-in Official Account session without a clear final approval checkpoint.

Install only if you intend to let an agent operate a logged-in WeChat Official Account publishing session. Before use, require the agent to stop before final publication, show the active account, title, author, collection, originality and reward settings, and wait for your explicit approval of that exact draft; publication is a live, externally visible action, so treat approval of an earlier version as void once anything changes. Never enter passwords or MFA codes into chat.
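One way to build the approval checkpoint described above, as an added example and not code from the skill itself: the agent renders the settings it is about to publish with, derives a short token from that rendering, and only proceeds if the user echoes that token back. Because the token is a hash of the exact settings (and of the article body), an approval given for one draft cannot be reused after the title, account or body changes, and any reply that looks like a password or one-time code is refused rather than forwarded. The dataclass fields, the `APPROVE <token>` reply format and the credential regex are assumptions for the example.

```python
import hashlib
import json
import re
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class PublishRequest:
    """Settings the skill must display before publishing (assumed field set)."""
    account: str        # active Official Account the session is logged into
    title: str
    author: str
    collection: str
    original: bool      # originality declaration
    reward: bool        # reward (tip) setting
    body_sha256: str    # hash of the article body, so edits invalidate approval


# Assumed heuristic: refuse replies that look like credentials or MFA/OTP codes,
# so that a user who pastes them by mistake is warned instead of having them
# forwarded into the logged-in session.
SECRET_PATTERN = re.compile(
    r"(?i)\b(password|passwd|pwd|mfa|otp|2fa|verification code)\b|\b\d{6}\b"
)
APPROVAL_PATTERN = re.compile(r"\bAPPROVE\s+([0-9a-f]{12})\b")


def summary(req: PublishRequest) -> str:
    """Deterministic rendering of the draft settings shown to the user."""
    return json.dumps(asdict(req), ensure_ascii=False, sort_keys=True, indent=2)


def approval_token(req: PublishRequest) -> str:
    """Token the user must echo; bound to the exact settings and body hash."""
    return hashlib.sha256(summary(req).encode("utf-8")).hexdigest()[:12]


def checkpoint_prompt(req: PublishRequest) -> str:
    """What the agent prints before stopping. Publishing is live and irreversible."""
    return (
        "About to PUBLISH the following to a live, public channel:\n"
        f"{summary(req)}\n"
        f"Reply exactly 'APPROVE {approval_token(req)}' to continue; "
        "anything else aborts. Do not paste passwords or MFA codes here."
    )


def evaluate_reply(req: PublishRequest, reply: str) -> tuple[bool, str]:
    """Return (publish?, reason). Only an exact, current token approves."""
    if SECRET_PATTERN.search(reply):
        return False, "refused: reply looks like a credential or MFA code"
    m = APPROVAL_PATTERN.search(reply)
    if not m:
        return False, "aborted: no 'APPROVE <token>' in reply"
    if m.group(1) != approval_token(req):
        return False, "refused: token does not match the current draft"
    return True, "approved"


if __name__ == "__main__":
    # Constructed sample draft, not a real account or article.
    draft = PublishRequest("gh_example_account", "Release notes", "ops",
                           "none", True, False, hashlib.sha256(b"body").hexdigest())
    print(checkpoint_prompt(draft))
    print(evaluate_reply(draft, f"APPROVE {approval_token(draft)}"))
    edited = PublishRequest("gh_example_account", "Release notes v2", "ops",
                            "none", True, False, draft.body_sha256)
    print(evaluate_reply(edited, f"APPROVE {approval_token(draft)}"))
```

The token check is the important part: a skill that asks "publish? yes/no" can be answered by a stale "yes" after the agent silently changes the title or switches accounts, whereas a token derived from the displayed settings forces a fresh look at exactly what will go live.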

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill explicitly instructs the agent to publish a WeChat article but never requires confirmation that publication will make the content externally visible. In an automation context this creates a real risk of unintended public disclosure or premature release of draft, sensitive or incorrect content.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill explicitly instructs the operator to log into the WeChat Official Account backend but gives no warning about credential handling, session sensitivity or the risk of operating inside a privileged publishing account. In an agent-assisted workflow, omitting these safeguards raises the chance of credentials being typed into chat, authenticated sessions being exposed, or high-impact actions being performed in the wrong account context.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill ends with instructions to publish the article but does not clearly warn that publication is a live, externally visible action that immediately reaches a real audience and affects brand reputation. Because the skill is procedural and emphasizes strict execution, an agent or operator may treat publication as routine rather than as a high-risk, irreversible step that requires explicit confirmation.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill ends with a direct instruction to publish a public WeChat article after preview, but does not require an explicit user confirmation step immediately before that irreversible public action. In an agentic workflow this increases the risk of publishing drafts, sensitive content or incorrectly formatted posts, especially since the skill emphasizes strict execution order and automation-like behaviour.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger phrases are broad enough to fire on generic requests about WeChat publishing, which can pull the agent into a high-impact workflow that ends with posting to a live public channel. The risk is amplified here because the instructions are rigid and publication-oriented, with little evidence of confirmation or scope checking before draft save, preview and final publish.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill walks the agent through a full end-to-end publishing flow for a public account without an upfront warning or explicit user confirmation before irreversible actions. Because the workflow includes draft saving and final publication to a live audience, accidental activation or a misunderstanding can directly cause unauthorized or premature public posting.

VirusTotal

0/64 vendors flagged this skill; all 64 reported it as clean. A clean file-scan result covers only the skill's static content and says nothing about the behavioural risks listed above.