wechat-article-fetcher
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted content from WeChat articles.
  - Ingestion points: scripts/fetch.py and wechat_article_fetcher.py extract text and images from external URLs.
  - Boundary markers: The extracted content is returned without delimiters or instructions to ignore embedded commands.
  - Capability inventory: subprocess.run is used across several files (scripts/run_in_venv.py, fetch_direct.py, wechat_article_fetcher.py) to execute internal scripts.
  - Sanitization: While filename sanitization is performed, the extracted article text is not sanitized or escaped before being returned to the agent context.
- [COMMAND_EXECUTION]: Several components of the skill utilize subprocess.run to manage script execution within isolated virtual environments. These commands are correctly constructed using argument lists, which prevents shell injection, but they allow the skill to execute internal Python logic based on user-provided parameters like URLs.
Audit Metadata