wechat-theme-extractor
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/extract.pypasses the user-provided URL directly to thecurlcommand as an argument. A malicious input starting with a hyphen (e.g.,-oor--config) could be used for argument injection to manipulate the behavior ofcurl, potentially allowing an attacker to read local files or write content to unintended locations.\n- [PROMPT_INJECTION]: The skill processes untrusted HTML content from external articles, creating a surface for indirect prompt injection attacks. A malicious WeChat article could contain embedded instructions designed to hijack the agent's logic during theme generation or file modification.\n - Ingestion points: External HTML content is fetched from WeChat and saved to
.extracted_content.htmlinscripts/extract.py.\n - Boundary markers: None. The AI is instructed to analyze the file content directly without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The agent can modify local files (
markdown-to-wechat.html) and open them in a browser for previewing.\n - Sanitization: None. The script extracts specific HTML fragments but does not sanitize or escape the content within those fragments.
Audit Metadata