wechat-article-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches HTML content and images from WeChat's official domains (mp.weixin.qq.com and weixin.qq.com) based on user-provided URLs. This is the core functionality for converting public articles.
- [COMMAND_EXECUTION]: The skill includes a standalone Python script,
scripts/wechat_article_pipeline.py, which is intended to be executed via the command line to perform the article conversion and image downloading. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external content from WeChat articles.
- Ingestion points: Data enters the system via
requests.getcalls inWeChatArticlePipeline.fetch_htmlandMarkdownImageDownloader.downloadwithinscripts/wechat_article_pipeline.py. - Boundary markers: No explicit delimiters or instructions are used to mark the boundaries of the external content or to warn the agent to ignore embedded instructions in the generated Markdown.
- Capability inventory: The script has the capability to read from the network and write files to the local filesystem.
- Sanitization: While the skill sanitizes HTML tags and removes 'noise' (like WeChat-specific metadata), it does not perform sanitization or filtering to detect or neutralize natural language instructions intended for an LLM.
Audit Metadata