wechat-article-extractor
Fail
Audited by Gen Agent Trust Hub on Jun 5, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script
scripts/extract.jsextracts JavaScript code blocks from the HTML of scraped WeChat articles and executes them using thenew Function()constructor to parse metadata and configuration objects. This pattern allows code from an untrusted external source (the website being scraped) to run within the agent's execution environment. - Evidence: Multiple calls to
new Function()inscripts/extract.js(lines 191, 218, 228, 245, 313) where the executed string is partially or fully derived from the remote page's content. - [PROMPT_INJECTION]: The skill retrieves and processes untrusted content from external WeChat articles and Sogou search results, creating a surface for indirect prompt injection attacks.
- Ingestion points:
scripts/extract.jsfetches data frommp.weixin.qq.comandweixin.sogou.com. - Boundary markers: None present; the extracted HTML content is returned to the agent in the
msg_contentfield without delimiters or instructions to ignore embedded commands. - Capability inventory: The skill has network access via
request-promiseand the capability to execute code vianew Function(). - Sanitization: The skill performs only basic HTML unescaping and string replacements, which are insufficient to prevent malicious instructions from influencing the agent.
- [DATA_EXFILTRATION]: The skill performs outbound network operations to fetch content from WeChat and Sogou, and sends data (including user prompts and reference images) to the Canghe AI API.
- Evidence: GET requests to WeChat/Sogou in
scripts/extract.jsand POST requests toapi.canghe.aiincanghe-image-gen/scripts/generate_image.py. - [EXTERNAL_DOWNLOADS]: The skill includes functionality to download images from arbitrary URLs provided in the API response or by the user.
- Evidence:
download_imagefunction incanghe-image-gen/scripts/generate_image.py.
Recommendations
- AI detected serious security threats
Audit Metadata