content-planner
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
cheeriopackage from the official npm registry to support HTML parsing. - [COMMAND_EXECUTION]: The agent executes a local search utility (
scripts/wechat_search.js) to interact with the Sogou WeChat index. - [DATA_EXFILTRATION]: The search utility performs network requests to well-known services (Sogou and WeChat) to retrieve public article metadata. No sensitive local data is transmitted to these external domains.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from search results.
- Ingestion points:
scripts/wechat_search.jsretrieves article titles and summaries from the Sogou WeChat index. - Boundary markers: Absent; there are no explicit delimiters or instructions provided to the agent to treat the retrieved metadata as untrusted.
- Capability inventory: The skill can execute local scripts and generate a structured content calendar file (
content_calendar.json). - Sanitization: Absent; the article content retrieved from the web is not sanitized or filtered before being analyzed by the agent.
Audit Metadata