mp-weixin-skills
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or critical vulnerabilities were found. The skill operates within its intended scope.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its document processing workflow.
  - Ingestion points: Articles in Markdown, Word, and PDF formats are ingested via the `ParserFactory` and parsed into HTML for publication.
  - Boundary markers: The processing pipeline does not use explicit delimiters or instructions to ignore potential commands embedded within the user-provided text.
  - Capability inventory: The skill possesses network access via `requests` to interact with `api.weixin.qq.com` and download images from stock services. It also has permissions to write to the `output/` and `temp/` directories.
  - Sanitization: Content is structurally transformed into HTML with inline styles in `StyleManager.py`, but it is not filtered for adversarial prompts before being processed.
- [COMMAND_EXECUTION]: The skill utilizes browser-based script execution (via Chrome DevTools MCP) to scrape image metadata and URLs from trusted stock photo providers. This functionality is restricted to authorized cover generation tasks.
Audit Metadata