wechat-article-writer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to ingest and summarize data from external, attacker-controllable sources such as X/Twitter, Reddit, and various forums via WebSearch. Without boundary markers or explicit safety instructions to ignore embedded commands in search results, the agent is vulnerable to indirect prompt injection.
  - Ingestion points: WebSearch results in Step 1.
  - Boundary markers: Absent.
  - Capability inventory: Text generation (articles, titles, layout suggestions).
  - Sanitization: Absent.
- [Data Exposure] (SAFE): The instruction to read CLAUDE.md targets a local configuration file used for style instructions rather than sensitive system credentials or personally identifiable information (PII).