wechat-article-writer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests data from untrusted external sources, creating a surface for potential indirect prompt injection attacks.
  - Ingestion points: The skill fetches information via a web search tool from public platforms such as X/Twitter, Reddit, and various technical forums (Step 1), and reads a local configuration file named CLAUDE.md (Step 2).
  - Boundary markers: No explicit delimiters or system instructions are provided to distinguish between the agent's core instructions and the untrusted content retrieved from external sources.
  - Capability inventory: The skill's operations are limited to text processing, summarization, and formatting; no dangerous capabilities like shell command execution, filesystem modification, or network requests to non-whitelisted domains were identified.
  - Sanitization: The skill lacks logic to sanitize, filter, or validate the input from search results or configuration files before incorporating them into the article generation process.
Audit Metadata