wechat-article-reader
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong imperative language to override the agent's default tool selection logic. In SKILL.md, it states 'must and only use this skill' and 'strictly forbidden' to use other methods like web_fetch or web_search when encountering mp.weixin.qq.com URLs.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from the domain 'mp.weixin.qq.com'. Although restricted to this domain, the content retrieved is untrusted third-party data.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection by processing external article content without proper isolation.
  - Ingestion points: Untrusted content enters the agent context via the fetcher in 'scripts/read_wechat_article.py'.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are present in the script output or prompt description.
  - Capability inventory: The skill possesses network access via curl-cffi and text parsing capabilities via BeautifulSoup.
  - Sanitization: The script performs HTML unescaping but lacks sanitization or filtering to prevent the injection of malicious instructions from the article body.
Audit Metadata