wecom-automation
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The install.sh script uses sudo to install system packages and the pgvector database extension during setup.
- [EXTERNAL_DOWNLOADS]: The installation process clones the pgvector repository from GitHub for manual compilation and installation.
- [REMOTE_CODE_EXECUTION]: The Node.js logic uses child_process.spawn to execute multiple Python scripts (such as answer_question.py and process_file.py) to handle user interactions; however, these core scripts are missing from the package, preventing a full security audit of the execution logic.
- [PROMPT_INJECTION]: Incoming messages from WeChat are processed as input for LLM interactions, which creates an indirect prompt injection surface where external users might attempt to influence agent behavior.
Audit Metadata