wechat-theme-extractor

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract.py passes the user-provided URL directly to the curl command as an argument. A malicious input starting with a hyphen (e.g., -o or --config) could be used for argument injection to manipulate the behavior of curl, potentially allowing an attacker to read local files or write content to unintended locations.\n- [PROMPT_INJECTION]: The skill processes untrusted HTML content from external articles, creating a surface for indirect prompt injection attacks. A malicious WeChat article could contain embedded instructions designed to hijack the agent's logic during theme generation or file modification.\n
  • Ingestion points: External HTML content is fetched from WeChat and saved to .extracted_content.html in scripts/extract.py.\n
  • Boundary markers: None. The AI is instructed to analyze the file content directly without delimiters or instructions to ignore embedded commands.\n
  • Capability inventory: The agent can modify local files (markdown-to-wechat.html) and open them in a browser for previewing.\n
  • Sanitization: None. The script extracts specific HTML fragments but does not sanitize or escape the content within those fragments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 02:07 PM
Security Audit — agent-trust-hub — wechat-theme-extractor