wechat-content-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a workflow step that executes a local Node.js script using a shell command template. This template includes a placeholder for a user-provided file path. If the agent does not properly sanitize or escape this input, an attacker could potentially execute arbitrary shell commands by providing a path containing shell metacharacters.
- [PROMPT_INJECTION]: The skill processes untrusted data from local Markdown files, creating an attack surface for indirect prompt injection. Malicious instructions embedded within a file could attempt to override the agent's optimization logic or extract sensitive information.
  - Ingestion points: The script `scripts/optimize.js` reads the entire content of a user-specified Markdown file and outputs it to the agent.
  - Boundary markers: The script utilizes `---FILE_CONTENT_START---` and `---FILE_CONTENT_END---` as delimiters to demarcate the untrusted content.
  - Capability inventory: The agent has the capability to read local files, execute a provided Node.js script, and write optimized content (potentially overwriting original files) to the filesystem.
  - Sanitization: No sanitization, instruction filtering, or safety validation is performed on the content of the Markdown file before it is processed by the AI.