wechat-article-fetcher
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The
downloader.pyscript usesurllib.request.urlopento fetch content from arbitrary URLs provided as input. This can be exploited for Server-Side Request Forgery (SSRF) to access internal network services or cloud metadata endpoints. - DATA_EXFILTRATION (MEDIUM): The
flomo.pyutility sends a POST request containing article summaries to a user-specifiedapi_url. If an attacker provides a malicious URL, this could be used to exfiltrate sensitive information processed by the agent. - PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection.
- Ingestion points:
utils/downloader.pyviafetch_htmlanddownload_imagewhich retrieve content from external WeChat URLs. - Boundary markers: None. The article content is parsed into Markdown and returned to the agent context without delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill possesses network GET/POST capabilities via
urlliband local file write capabilities for image storage. - Sanitization: The
Parserclass inutils/parser.pyperforms HTML unescaping and regex-based cleaning for display purposes but does not sanitize content for malicious instructions directed at the LLM. - DATA_EXFILTRATION (SAFE): Image downloading in
utils/downloader.pyuses MD5 hashing of URLs for filenames, which effectively prevents path traversal attacks during file writes.
Audit Metadata