weibo-webmcp

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted content from Weibo, creating a surface for indirect prompt injection.
      • Ingestion points: The skill fetches data from Weibo using timeline.home.list, post.get, and search.weibo (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided to the agent for the fetched data.
      • Capability inventory: The skill enables write operations such as post.create, comment.create, and article.publishMarkdown (SKILL.md).
      • Sanitization: No sanitization or content validation mechanisms are documented for the ingested content.
  • [COMMAND_EXECUTION]: The skill uses local CLI tools and shell scripts for its operational logic.
      • Evidence: All core operations are invoked via weibo-webmcp-cli (SKILL.md).
      • Evidence: Symlink management is handled by scripts/ensure-links.sh.
  • [EXTERNAL_DOWNLOADS]: The skill requires external binaries for its browser automation component.
      • Evidence: Prerequisites in SKILL.md specify the use of npx playwright install to set up the necessary environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:15 AM