wechat-article-downloader

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes a remote fallback MCP endpoint at https://changfengbox.top/api/mcp for processing articles when a local server is unavailable. This involves relying on an external, non-standard service for core functionality.
  • [DATA_EXFILTRATION]: Article URLs, which may contain session-specific tokens or tracking parameters, are transmitted to the external domain changfengbox.top. This represents a data exposure risk to an unverified third party.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from external, attacker-controllable URLs (WeChat articles). There are no documented boundary markers or sanitization procedures to prevent malicious instructions embedded in articles from influencing the agent's behavior.
      • Ingestion points: Content from WeChat articles via single_article_download and wechat tools.
      • Boundary markers: Absent; no instructions provided to treat retrieved article content as untrusted data.
      • Capability inventory: Performs network requests via requests.post and local file system writes to a download directory.
      • Sanitization: Absent; the skill does not specify any validation or filtering of the article content before processing.
  • [COMMAND_EXECUTION]: The skill provides Python code snippets using the requests library to interact with local and remote endpoints. Execution of these snippets by the agent grants it the capability to make arbitrary network connections.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 18, 2026, 12:40 PM