wechat-article-extractor

Fail

Audited by Snyk on Jun 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The WeChat extractor contains multiple deliberate dynamic-eval patterns (new Function(...) executing JavaScript extracted from fetched HTML) that allow execution of attacker-controlled code (RCE/data-exfiltration risk); the Canghe image script sends local images and prompts to an external API (expected behavior) but no hidden backdoor or credential-stealing logic beyond these risky evals.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill fetches runtime HTML from an outsider-controlled URL (e.g., mp.weixin.qq.com / weixin.sogou.com) via request-promise, then parses and returns msg_content (HTML) and other text fields derived from that page into the agent’s context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill fetches article pages from https://mp.weixin.qq.com (and weixin.sogou.com) at runtime and then uses Function/new Function to evaluate JavaScript extracted from those remote pages, which executes remote content that the extractor relies on to parse metadata.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 5, 2026, 08:26 AM
Issues
3
Security Audit — snyk — wechat-article-extractor