wechat-tech-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill contains an indirect prompt injection surface as it passes user-supplied prompts directly to third-party image generation APIs.
    • Ingestion points: scripts/generate_image.py via the --prompt argument.
    • Boundary markers: Absent. The prompt is passed to the models as a raw string.
    • Capability inventory: Network operations to Google and OpenAI APIs.
    • Sanitization: None. No filtering or encoding of user-provided prompt strings.
  • [DATA_EXPOSURE] (LOW): The scripts generate_cover_optimized.py and generate_temp.py include hardcoded Windows absolute file paths (e.g., G:\git_pull\...). This exposes the developer's local file structure and limits script portability.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes legitimate, well-known libraries (google-genai, requests) and interacts exclusively with official API endpoints for Google and OpenAI.
  • [CREDENTIALS_UNSAFE] (SAFE): API keys are managed through environment variables rather than being hardcoded in scripts or documentation, aligning with security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:19 PM