weixin-article-to-obsidian

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/download_weixin_article.py' invokes an external 'opencli' command using 'subprocess.run'. The implementation uses a list of arguments rather than a shell string, which is a secure method that avoids shell-based command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves article data and images from WeChat's official domains ('mp.weixin.qq.com' and 'mmbiz.qpic.cn'). These network operations are necessary for the skill's primary function of local archiving and are targeted at well-known service domains.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external WeChat articles.
  • Ingestion points: Content is fetched via 'fetch_text' and 'fetch_bytes' in 'scripts/download_weixin_article.py'.
  • Boundary markers: None are explicitly used to isolate the article content in the generated Markdown.
  • Capability inventory: The script has permissions for file writes ('write_text', 'write_bytes') and command execution ('subprocess.run').
  • Sanitization: Basic sanitization is applied via 'clean_text' and 'sanitize_filename' to ensure data integrity. The risk is considered low given the skill's specific purpose for archival.
  • [DATA_EXFILTRATION]: The script manages local file creation for Markdown notes and images. It incorporates a directory validation check ('Path.relative_to') to ensure all writes occur within the specified Obsidian vault root, effectively preventing path traversal attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 01:55 PM
Security Audit — agent-trust-hub — weixin-article-to-obsidian