youmind-wechat-article

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8).
  • Ingestion points: The skill fetches external data from Chinese news platforms (Weibo, Toutiao, Baidu) via scripts/fetch_hotspots.py and user-curated content from the YouMind knowledge base via toolkit/src/youmind-api.ts.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the scripts that process this external data.
  • Capability inventory: The toolkit possesses capabilities including command execution (cli.ts, mermaid-processor.ts) and network publication to WeChat API (publisher.ts).
  • Sanitization: External content is processed through Markdown-it and Cheerio for HTML conversion, providing structural sanitization but not semantic instruction filtering.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to fetch trending data from well-known Chinese social media platforms and interacts with official APIs for WeChat (api.weixin.qq.com) and YouMind (youmind.com).
  • [COMMAND_EXECUTION]: The toolkit executes shell commands for its primary operations, including building the TypeScript project, installing dependencies, and rendering Mermaid diagrams using the @mermaid-js/mermaid-cli.
  • [SAFE]: Setup instructions in the README recommend using curl | python3 to fetch the user's public IP address. This is a common utility command for WeChat whitelist configuration and utilizes the well-known httpbin.org service.
Recommendations
  • HIGH: Downloads and executes remote code from: https://httpbin.org/ip - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 11:47 AM