readgzh
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits article URLs and search queries to api.readgzh.site. This network activity is required for the tool's core functionality, but the domain is not among the whitelisted services.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by retrieving and processing content from external WeChat articles.\n
- Ingestion points: The readgzh.read and readgzh.get tools fetch data from external articles via the ReadGZH API.\n
- Boundary markers: The skill does not define explicit delimiters or instructions to treat the retrieved content as untrusted data.\n
- Capability inventory: The skill has no capabilities to execute local commands, write files, or access sensitive system resources, which limits the potential impact of an injection.\n
- Sanitization: No local sanitization of the article content is performed within the skill configuration.
Audit Metadata