Skills
skills/bighardperson/computer-science-skills-collection/wechat-article-search/Gen Agent Trust Hub

wechat-article-search

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to run a local Node.js script (scripts/search_wechat.js) to perform web scraping and data processing tasks. This execution is an intended part of the skill's functionality.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted article metadata (titles and summaries) from the web.
  • Ingestion points: Article data is fetched from external search results via HTTPS requests in scripts/search_wechat.js.
  • Boundary markers: Absent. Results are returned to the agent without specific delimiters or instructions to ignore potential commands embedded in the search results.
  • Capability inventory: The skill uses Bash and Read permissions to execute its scripts and handle data.
  • Sanitization: No specific sanitization or filtering of the fetched text is performed before it is passed to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 02:57 PM
Security Audit — agent-trust-hub — wechat-article-search