readgzh
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external WeChat articles, which constitutes a potential surface for indirect prompt injection attacks.
- Ingestion points: External article content fetched from
mp.weixin.qq.comURLs via thereadgzh.readtool (SKILL.md). - Boundary markers: Absent; there are no instructions provided to the agent to treat the fetched article content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill utilizes network capabilities to communicate with the
api.readgzh.siteendpoint (SKILL.md). - Sanitization: No evidence of sanitization, filtering, or validation of the ingested article content was found in the documentation.
- [DATA_EXFILTRATION]: The skill transmits user-provided WeChat URLs to an external API (
api.readgzh.site). As this service belongs to the skill's vendor (GPTtang), this behavior is consistent with the primary purpose of the skill and the expected operational workflow.
Audit Metadata