content-planner

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Node.js to run a local script (wechat_search.js) to perform web searches and retrieve article data.\n- [EXTERNAL_DOWNLOADS]: The search script performs network requests to weixin.sogou.com and v.sogou.com to fetch public article information from the WeChat index.\n- [PROMPT_INJECTION]: The skill ingests untrusted data from external search results to generate topic recommendations, creating an indirect prompt injection surface.\n
  • Ingestion points: Article titles and summaries retrieved via scripts/wechat_search.js.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing scraped content.\n
  • Capability inventory: The skill generates topic lists and a content_calendar.json file intended for use by a downstream article-writer skill.\n
  • Sanitization: No sanitization or validation is applied to the retrieved article metadata before it is presented to the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:59 AM
Security Audit — agent-trust-hub — content-planner