wechat-search

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the miku_ai Python package using pip install miku_ai --break-system-packages. This is an external dependency from an unverified third-party source.
  • [COMMAND_EXECUTION]: The skill uses python3 -c to execute an inline asynchronous Python script that imports the miku_ai library and performs the article search. This involves running code that relies on external dependencies and user-provided keywords.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Data is ingested from the get_wexin_article function, which fetches titles and digests from external WeChat articles.
      • Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the fetched article content.
      • Capability inventory: The skill uses asyncio.run and python3 subprocess execution to run the search logic.
      • Sanitization: The fetched article metadata (title, digest) is printed directly to the output without sanitization or escaping, which could lead to an agent following instructions hidden in article summaries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 07:27 AM