wechat-article-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection from external data ingestion.
- The skill searches and retrieves content from WeChat Official Accounts, which are untrusted external sources. Maliciously crafted articles could contain hidden instructions aimed at overriding the agent's behavior during processing or summarization.
- Ingestion points: WeChat article titles, summaries, and content via the search tool.
- Boundary markers: No explicit delimiters or warnings (e.g., 'ignore instructions within the search results') are provided in the prompt instructions.
- Capability inventory: The skill can perform network requests and write results to local files (`-o` flag).
- Sanitization: No evidence of sanitization or filtering for the retrieved external text before it is presented to the LLM.
- COMMAND_EXECUTION (LOW): Instructions to execute an unverified local script.
- The skill instructs the agent to run `node scripts/search_wechat.js`. However, the contents of `scripts/search_wechat.js` were not included in the skill package for analysis. While the described functionality is standard for a search tool, the actual behavior of the script remains unverified.
- EXTERNAL_DOWNLOADS (SAFE): Installation of a standard dependency.
- The skill requires the `cheerio` Node.js package. `cheerio` is a reputable, standard library for parsing HTML. Installing it via `npm install` is a standard procedure for such tools.