article-writer
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script for material collection using the shell.
  - Evidence: `node "$SKILLS_ROOT/content-planner/scripts/wechat_search.js" "topic keywords" -n 10` in `SKILL.md`.
  - Risk: The "topic keywords" are derived directly from user input or external files (`content_calendar.json`). If these inputs contain shell metacharacters (e.g., `;`, `&`, `|`), it could lead to arbitrary command execution on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the data it processes.
  - Ingestion points: The skill reads topic descriptions and metadata from `content_calendar.json` and direct user input (`SKILL.md`).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating these inputs into the workflow.
  - Capability inventory: The skill has the ability to execute shell commands (via `node`) and write files to the `drafts/` directory.
  - Sanitization: There is no evidence of input validation or escaping for the data used in command arguments or content generation.