wechat-daily-report
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted WeChat chat logs, creating an indirect prompt injection surface where malicious messages could influence the AI's summary or behavior.
  - Ingestion points: `scripts/analyze_chat.py` reads user-provided JSON chat logs and extracts message content.
  - Boundary markers: No explicit delimiters or instructions are used in `references/ai_prompt.md` to isolate untrusted chat data from the AI's core instructions.
  - Capability inventory: The AI's output is written to `ai_content.json` and subsequently rendered into an HTML/PNG report using `scripts/generate_report.py`.
  - Sanitization: The `analyze_chat.py` script performs basic text cleaning (removing newlines and truncating) but does not sanitize or escape content against injection attacks.
- [COMMAND_EXECUTION]: `scripts/generate_report.py` executes the Playwright library to launch a headless Chromium browser instance. While this is necessary for the skill's primary function of generating images, it represents the execution of a high-privilege subprocess.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Chromium browser binary via the `playwright install chromium` command as part of its setup process.
- [DYNAMIC_EXECUTION]: The report generation logic in `scripts/generate_report.py` uses the Jinja2 templating engine to insert chat data into `assets/report_template.html`. The Jinja2 environment is initialized without `autoescape=True`, which means any HTML or JavaScript contained within the chat logs will be rendered directly. This content is then executed by the Playwright browser instance, potentially leading to local script execution (XSS) during the image rendering process.
Audit Metadata