Skills
skills/wwwzhouhui/skills_collection/wechat-article-aggregator/Gen Agent Trust Hub

wechat-article-aggregator

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Communicates with the external API at https://down.mptext.top to fetch article metadata and download HTML content. This is the core functionality of the skill as documented.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from external WeChat articles.
  • Ingestion points: Untrusted HTML data is fetched from external URLs via the download_article_html function in scripts/fetch_articles.py.
  • Boundary markers: The resulting output files do not contain explicit delimiters or instructions to prevent an AI from following commands embedded in the text.
  • Capability inventory: The skill possesses the ability to perform network requests and write to the local file system, which are necessary for its article collection purpose.
  • Sanitization: The tool uses BeautifulSoup or a dedicated HTMLParser to target the #js_content element, which removes script and style tags, reducing the risk of malicious code execution while maintaining the article's natural language content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 12:33 AM