wechat-article-extractor
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Path Traversal (MEDIUM): The file
convert.jscontains hardcoded absolute paths to a specific user's home directory (/Users/canghe/). - Evidence:
fs.readFileSync('/Users/canghe/.claude/projects/...')andfs.writeFileSync('/Users/canghe/Downloads/...'). - Impact: This behavior is unsafe for a shared skill as it targets specific local file structures and could be modified to access sensitive configuration files if the directory structure matches the target system.
- Indirect Prompt Injection (LOW): The skill is designed to parse and extract content from external WeChat Official Account articles (
mp.weixin.qq.com). - Ingestion points: Third-party HTML content fetched via
request-promise(as seen inREADME.mddescriptions). - Boundary markers: None detected in the provided code to distinguish between article content and agent instructions.
- Capability inventory: The skill uses
cheeriofor parsing and likelyrequest-promisefor network fetches (thoughscripts/extract.jswas not provided, the dependencies and descriptions confirm this). - Sanitization: No explicit sanitization or instruction-filtering logic is present in the provided snippets.
- Unverifiable Logic (MEDIUM): The core logic file
scripts/extract.jsreferenced inSKILL.mdandREADME.mdis missing from the provided source files. This prevents a complete safety verification of the primary functional component.
Audit Metadata