wechat-publisher
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/export-to-html.py` interacts with the `wpsnote-cli` binary using the `subprocess.run` function.
  - Evidence: Implementation found in the `_cli_run` function.
  - Context: Arguments are passed as a list and the shell is disabled, which mitigates shell injection risks. This is standard functionality for retrieving note data from the vendor's application.
- [PROMPT_INJECTION]: The skill processes external data from WPS notes, which creates a potential surface for indirect prompt injection.
  - Ingestion points: Note content retrieved via the `wpsnote-cli` tool or MCP tools as defined in `scripts/export-to-html.py`.
  - Boundary markers: No delimiters or specific instruction-ignore warnings are applied to the note content before processing.
  - Capability inventory: The skill can execute `wpsnote-cli` and write to the local file system to generate HTML files.
  - Sanitization: The conversion logic uses `html.escape` to ensure HTML safety, but does not sanitize content against LLM-specific instruction overrides.
- [SAFE]: The skill follows secure coding practices for its internal operations.
  - Evidence: Configuration files are parsed using `yaml.safe_load()` in both `scripts/export-to-html.py` and `scripts/md_to_html.py`, preventing unsafe deserialization.
  - Evidence: Network activity is limited to referencing public image URLs in the generated HTML, and local file access is restricted to reading the note's XML or the user's provided Markdown files.
Audit Metadata