wecom-cs-automation
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The
install.shscript performs automated system configuration that requires elevated privileges viasudo, including updating package repositories, installing PostgreSQL, and compiling source code. - [EXTERNAL_DOWNLOADS]: Fetches and builds the
pgvectorextension from its official GitHub repository (github.com/pgvector/pgvector) during the installation process. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection where malicious instructions embedded in user queries could influence the agent's behavior.
- Ingestion points:
workflows/answer_question.py(processes external user questions). - Boundary markers: Absent; user queries are directly interpolated into the LLM prompt without delimiters or warnings.
- Capability inventory: Database access (
psycopg2), LLM communication (openai), and messaging via WeChat Work and Telegram. - Sanitization: No sanitization or validation of user-provided content is implemented before it is passed to the LLM.
- [CREDENTIALS_UNSAFE]: The installation script creates a
.envfile template for storing sensitive information, such asWECOM_AGENT_SECRETandLLM_API_KEY, in plain text on the local filesystem.
Audit Metadata