wechat-article-fetch
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script uses `spawn` to execute `npx -y playwright install chromium` to ensure browser dependencies are installed during runtime.
- [COMMAND_EXECUTION]: Launches the Chromium browser with flags that reduce the security posture, including `--no-sandbox`, `--disable-setuid-sandbox`, and `--disable-web-security`.
- [EXTERNAL_DOWNLOADS]: Automatically downloads images from external URLs discovered in the scraped articles to the local filesystem using standard Node.js networking modules.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text from external WeChat article URLs. Malicious instructions embedded in these articles could influence the agent's behavior during the 'intelligent workflow' described in the documentation, which automatically triggers subsequent formatting tasks.
  - Ingestion points: External URLs processed by `fetchWechatArticle` in `scripts/fetch.js`.
  - Boundary markers: The skill does not implement delimiters or explicit 'ignore embedded instructions' warnings when returning fetched content to the agent.
  - Capability inventory: File system write access (`writeFile`), network resource fetching (`https.get`), and system command execution (`spawn`).
  - Sanitization: The script performs structural HTML cleaning via regex but does not sanitize the resulting text for adversarial natural language instructions.
Audit Metadata