wechat-theme-extractor-cn

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The scripts/extract.py script executes the system curl command using subprocess.run to fetch article content. It passes a user-supplied URL directly as a command-line argument without validation. This creates a risk of argument injection; for instance, a URL starting with a hyphen (e.g., -o) could be used to trick the utility into overwriting local files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches HTML data from the WeChat domain (mp.weixin.qq.com). While this is a well-known service, the automated retrieval of remote content is a sensitive operation necessary for the skill's functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it instructs the AI to analyze content fetched from external, untrusted URLs.
      ◦ Ingestion points: Remote HTML content fetched by scripts/extract.py and saved to .extracted_content.html for AI analysis.
      ◦ Boundary markers: The content is wrapped in basic HTML comments, which do not prevent an LLM from following instructions that might be embedded in the article body.
      ◦ Capability inventory: The AI is authorized to modify the local configuration file markdown-to-wechat.html and to open the system browser for previewing.
      ◦ Sanitization: No filtering or sanitization of the remote HTML is performed before the AI processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 10:41 AM