wechat-article-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `exec` tool to run `curl` for downloading HTML and a local Python script (`scripts/extract_wechat.py`) for processing content.
- [EXTERNAL_DOWNLOADS]: The workflow involves downloading HTML content from various third-party mirror sites (e.g., 53ai.com, juejin.cn, ofweek.com) to bypass WeChat's anti-bot protections.
- [PROMPT_INJECTION]: Indirect prompt injection risk is present because the skill ingests untrusted HTML from external websites. Mandatory Evidence Chain:
  - Ingestion points: Mirror HTML files (e.g., `/tmp/wechat-article.html`) and direct fetches via `web_fetch`.
  - Boundary markers: The script isolates the article body, but the agent lacks explicit instructions to ignore instructions found within the extracted text.
  - Capability inventory: Uses `exec` (subprocess execution), `web_fetch`, `web_search`, and optionally `browser`.
  - Sanitization: The `extract_wechat.py` script removes `<script>` and `<style>` tags and uses regex for deterministic extraction rather than LLM-based parsing.
Audit Metadata