md-to-wechat
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted Markdown content and command-line metadata without sanitization, creating an indirect prompt injection surface.
- Ingestion points: The
md_to_wechat.pyscript (line 353) reads user-provided Markdown files and accepts metadata (title, author, subtitle, tags) via CLI arguments in bothmd-to-wechat.shandmd_to_wechat.py. - Boundary markers: The skill does not use delimiters or instructions to prevent the agent from following commands embedded in the Markdown data or metadata.
- Capability inventory: The skill performs file system write operations in
md_to_wechat.py(line 369) to save the generated HTML content. - Sanitization: There is no HTML escaping or sanitization for Markdown elements (headers, quotes, tables, lists) or metadata fields during the conversion process, allowing malicious HTML or script tags to be injected into the final output.
Audit Metadata