wechat-article-writer
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface when extracting styles from user-provided articles or processing draft content.
- Ingestion points: User-pasted articles in the 'Style Extraction' flow and Markdown files in the
drafts/directory. - Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore instructions embedded within the processed text.
- Capability inventory: The skill can execute local shell and Node.js scripts, perform network requests to the WeChat API, and write files to the local system.
- Sanitization: While the upload script uses HTML escaping for content payload, the agent's processing of source text lacks specific sanitization logic.
- [COMMAND_EXECUTION]: Automates image generation and article publishing by executing local shell (
scripts/export-drawio.sh) and Node.js (scripts/upload-to-wechat.js) scripts. These scripts are invoked with parameters such as titles and file paths derived from user input. - [EXTERNAL_DOWNLOADS]: Suggests the use of
npx wechat-article-publisherin the documentation for automated publishing, which downloads and executes a package from the well-known NPM registry.
Audit Metadata