content-planner
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Node.js to run a local script (
wechat_search.js) to perform web searches and retrieve article data.\n- [EXTERNAL_DOWNLOADS]: The search script performs network requests toweixin.sogou.comandv.sogou.comto fetch public article information from the WeChat index.\n- [PROMPT_INJECTION]: The skill ingests untrusted data from external search results to generate topic recommendations, creating an indirect prompt injection surface.\n - Ingestion points: Article titles and summaries retrieved via
scripts/wechat_search.js.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing scraped content.\n
- Capability inventory: The skill generates topic lists and a
content_calendar.jsonfile intended for use by a downstreamarticle-writerskill.\n - Sanitization: No sanitization or validation is applied to the retrieved article metadata before it is presented to the model.
Audit Metadata