wechat-theme-extractor-cn

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract.py executes the system command curl via subprocess.run to fetch article content from a user-supplied URL.
  • [EXTERNAL_DOWNLOADS]: The skill downloads content from external WeChat article URLs (mp.weixin.qq.com) to be processed locally.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data processing workflow.
      * Ingestion points: Remote article content is fetched and saved to .extracted_content.html by scripts/extract.py.
      * Boundary markers: There are no explicit delimiters or system instructions to prevent the AI from following commands embedded within the fetched HTML.
      * Capability inventory: The AI has the ability to modify local files (markdown-to-wechat.html) and request the agent to open files in a system browser.
      * Sanitization: The skill does not perform any sanitization or validation on the external content before it is processed by the AI.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:14 PM