yao-weread-skill

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs scripts/generate_weread_report.py to aggregate reading data. This is a standard and expected operation for the skill's primary function.
  • [EXTERNAL_DOWNLOADS]: The generated HTML reports include script tags for loading ECharts from cdn.jsdelivr.net. This is a trusted, well-known service for serving public libraries.
  • [DATA_EXFILTRATION]: Reading data is retrieved from the official WeChat Reading API (i.weread.qq.com) and stored locally. No evidence of data being sent to untrusted third-party domains was found.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user content (highlights and reviews) from the reading platform.
  • Ingestion points: fetch_reviews and fetch_note_detail functions in scripts/generate_weread_report.py ingest data from API responses.
  • Boundary markers: None; the data is used for display only and not passed back to the agent as instructions.
  • Capability inventory: Local file writing via Path.write_text in scripts/generate_weread_report.py.
  • Sanitization: Employs escape_html and json.dumps to sanitize content before embedding it in the HTML report, preventing script injection.
  • [DYNAMIC_EXECUTION]: The produced HTML report utilizes new Function to parse serialized chart configuration options for ECharts. This is a localized browser-side operation for the visualization library and does not pose a threat to the agent's execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:09 AM
Security Audit — agent-trust-hub — yao-weread-skill