huashu-wechat-image
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several local command executions to fulfill its primary functions. It uses `npx playwright screenshot` to render dynamically generated HTML into image files. It also executes local Python scripts, specifically `generate_image.py` via `uv run` and an `upload_image.py` script located at an absolute path in the user's home directory.
- [CREDENTIALS_UNSAFE]: The workflow instructions guide the agent to programmatically extract the `GEMINI_API_KEY` from a local environment file at `~/.claude/.env` using the `grep` command. While necessary for the skill's operation, this involves accessing sensitive configuration files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted user data into executable contexts.
- Ingestion points: User-provided article content and paths are used to populate both AI prompts and HTML templates for rendering.
- Boundary markers: No specific delimiters or instructions are used to separate user data from the system's HTML/CSS templates or prompt structures.
- Capability inventory: The skill possesses the capability to execute shell commands (via Playwright and Python) and write files to the local file system.
- Sanitization: There is no evidence of sanitization or escaping of user-provided strings before they are injected into HTML, which could allow for unintended rendering behavior.
Audit Metadata