Skills
skills/cat-xierluo/legal-skills/fetch-wechat-article/Gen Agent Trust Hub

fetch-wechat-article

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection risk. The skill fetches untrusted article content from the web and converts it to Markdown. This content could contain hidden instructions designed to manipulate the agent's behavior.
  • Ingestion points: WeChat article URLs (mp.weixin.qq.com) fetched via Playwright.
  • Boundary markers: Absent. The content is saved as raw Markdown without delimiters or warnings for downstream agents.
  • Capability inventory: File system writing (saveAsMarkdown), image downloading, and local script execution (node scripts/fetch.js).
  • Sanitization: Performs HTML stripping, but lacks sanitization for adversarial text patterns that might influence the LLM.
  • EXTERNAL_DOWNLOADS (SAFE): External dependency management. The skill requires Playwright browser binaries.
  • Evidence: Documentation mentions running npx playwright install chromium to fetch browser dependencies.
  • Trust Status: Playwright is a trusted tool maintained by Microsoft; the download is downgraded to SAFE per [TRUST-SCOPE-RULE].
  • COMMAND_EXECUTION (SAFE): Local command execution for scraping operations.
  • Evidence: Execution of node scripts/fetch.js and npx for browser automation.
  • Context: These operations are legitimate and necessary for the skill's primary purpose as a scraping tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 12:30 PM