Skills
skills/jst-well-dan/skill-box/weixin-fetch/Gen Agent Trust Hub

weixin-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Chromium browser binaries through the Playwright library during setup.
  • [COMMAND_EXECUTION]: Executes shell commands to install necessary Python packages and run the retrieval script.
  • [DATA_EXFILTRATION]: Connects to the WeChat domain (mp.weixin.qq.com) to retrieve content and metadata from specified articles.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external content fetched from the web.
  • Ingestion points: Fetches article data from user-provided URLs in scripts/fetch_weixin.py.
  • Boundary markers: None present; content is processed without explicit delimiters.
  • Capability inventory: Includes local file write operations in scripts/fetch_weixin.py.
  • Sanitization: Uses sanitize_filename to ensure valid and safe local file paths for the output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 06:54 AM