skills/wulaosiji/skills/md-to-wechat/Gen Agent Trust Hub

md-to-wechat

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external Markdown content that may contain malicious instructions.
      • Ingestion points: The md_to_wechat.py script (line 301) reads Markdown content from a file path provided via the command-line arguments.
      • Boundary markers: No delimiters or isolation instructions are present to prevent the agent from interpreting instructions embedded within the Markdown data.
      • Capability inventory: The skill includes file-writing capabilities as its primary function, which can be directed to any path the agent can access.
      • Sanitization: The script performs basic HTML escaping for content within code blocks but does not sanitize or filter the main body of the Markdown text for potential agent-directed commands.
  • [COMMAND_EXECUTION]: The skill allows specifying an arbitrary output file path via the command line, which could lead to unauthorized file overwriting.
      • Evidence: The -o/--output argument in md_to_wechat.py (line 332) is passed directly to the open() function (line 319) without verifying that the destination path is restricted to a safe directory or validated against expected filenames.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 01:11 AM