wechat-article-fetcher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external WeChat URLs, creating a surface for embedded malicious instructions.
- Ingestion points: External article content fetched from
mp.weixin.qq.comviabin/main.pyandutils/downloader.py. - Boundary markers: Absent; no mention of delimiters or instructions to the agent to ignore content within the fetched articles.
- Capability inventory: Network GET/POST requests, local file system writes (
images/directory), and summarization logic. - Sanitization: No evidence of content sanitization or filtering of the fetched HTML/Markdown before it is processed by the agent.
- [Data Exfiltration] (LOW): The skill facilitates sending data (article summaries) to an arbitrary external URL provided by the user as a 'flomo secret'. While intended for integration, this mechanism allows the agent to transmit processed information to any network endpoint.
- [External Downloads] (SAFE): The skill performs automated downloads of image resources from WeChat servers. This is consistent with its primary purpose of article localization and does not involve executing remote code.
Audit Metadata