wechat-converter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted input ('通用写作 Skill 产出的内容') and possesses file-manipulation capabilities (
Write,Edit). Without explicit boundary markers, an attacker providing the input content could embed instructions to manipulate files beyond the intended scope of conversion. - Ingestion points: Processes 'general writing content' as specified in the SKILL.md description.
- Boundary markers: Absent. The instructions do not define specific delimiters (e.g., XML tags or triple quotes) to separate the content from the formatting instructions.
- Capability inventory:
Read,Write,Edit,Grep,Glob. - Sanitization: Absent. The skill instructions do not include steps to sanitize or ignore embedded commands in the source text.
Audit Metadata