wechat-article-writer
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): In Step 1, the skill uses WebSearch to aggregate content from public platforms like X/Twitter, Reddit, and technical forums. Because it lacks boundary markers or explicit instructions to ignore embedded commands in that data, the agent is vulnerable to instructions placed there by third parties.
- Data Access Risks (MEDIUM): The skill requires reading 'CLAUDE.md' (a local agent configuration file) alongside untrusted web data. An indirect prompt injection could potentially trick the agent into including the contents of this file or other sensitive configuration details in the generated article or titles.
- Capability Inventory (INFO): The skill utilizes the WebSearch tool and local file reading. It does not contain evidence of arbitrary code execution, privilege escalation, or direct network exfiltration to unknown domains.