aws-wechat-article-topics

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts (article_init.py and getdraft.py) located in sibling directories to manage article initialization and metadata.
      • Evidence: Found in SKILL.md references to {baseDir}/../aws-wechat-article-publish/scripts/.
      • Context: These scripts are part of the 'aiworkskills' suite and represent standard vendor-provided functionality for the article management workflow.
  • [DATA_EXFILTRATION]: The skill is designed to perform network operations using web search and fetch tools to gather external information.
      • Evidence: SKILL.md and references/research-strategy.md detail strategies for calling web_search and web_fetch.
      • Context: This behavior is used to research competitor content and trending topics as part of the primary skill purpose.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its ingestion of untrusted content from the web.
      • Ingestion points: External article content and search snippets retrieved via web_search and web_fetch (documented in references/research-strategy.md).
      • Boundary markers: Absent; there are no specific instructions or delimiters provided to isolate the fetched external content from the agent's core instructions.
      • Capability inventory: The agent has the ability to write to the local filesystem (creating topic-card.md, research.md, and article.yaml) and execute suite-specific Python scripts.
      • Sanitization: Absent; the skill lacks explicit logic to sanitize or filter potential instructions embedded within the external research data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 05:41 AM