wechat-article-formatter
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the lack of isolation for external data.
- Ingestion points: Processes untrusted content from Markdown files and local image directories.
- Boundary markers: The workflow does not include delimiters or instructions to ignore embedded commands within the processed Markdown.
- Capability inventory: The skill utilizes Bash, Read, Write, Edit, Glob, and Grep, granting it significant file system and command execution permissions.
- Sanitization: There is no explicit process for validating or escaping the input Markdown content before it is read into the agent's context.
Audit Metadata