wechat-archiver
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It fetches content from external WeChat URLs (mp.weixin.qq.com) and provides this content to the
note-creatorskill to generate structured output. - Ingestion points: WeChat article content is fetched in
tools/wechat_archiver.pyandtools/wechat_archiver_v2.pyviawechat2md. - Boundary markers: The skill uses minimal boundary markers when passing content to the next stage, such as instructions in
templates/execution-flow.mdstating '文章内容:见 article.md'. - Capability inventory: The skill has access to
Bash,Write,Edit, andSkilltools, and executes subprocesses to run helper scripts. - Sanitization: While titles and URLs are sanitized/normalized, the actual article body is not sanitized before being processed by the agent or subsequent skills.
- [COMMAND_EXECUTION]: The orchestration scripts
tools/wechat_archiver.pyandtools/batch_archiver.pyusesubprocess.runto execute other Python scripts. While these calls target internal skill components likewechat2md.pyand use the system's Python executable, they represent the execution of code across script boundaries.
Audit Metadata