wechat-theme-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/extract.py which uses the subprocess module to invoke curl. This is used to fetch the content of the WeChat article provided by the user. The command is implemented securely by passing arguments as a list to avoid shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill fetches HTML content from mp.weixin.qq.com. This is a well-known service, and the operation is required for the skill to perform its intended theme extraction functionality.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests and analyzes untrusted data from external URLs.
      • Ingestion points: External HTML content is fetched via scripts/extract.py and saved to .extracted_content.html for the AI to analyze.
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when the AI processes the extracted HTML file.
      • Capability inventory: The skill has the capability to write to local files (markdown-to-wechat.html) and trigger browser previews, which could be targeted by instructions hidden in a malicious article.
      • Sanitization: The script extracts content using regex but does not perform sanitization or filtering of the HTML to remove potential prompt injection payloads.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 29, 2026, 10:41 AM