wecom-automation

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The install.sh script executes multiple commands with sudo privileges to perform system-level tasks such as installing packages, managing the PostgreSQL database, and installing the compiled pgvector extension.
  • [COMMAND_EXECUTION]: The workflows/handle_message.js and workflows/on_event.js scripts utilize child_process.spawn to run Python utilities, passing user-supplied input (such as message text and sender names) directly as command-line arguments to the scripts.
  • [EXTERNAL_DOWNLOADS]: The installation script fetches system dependencies using apt and clones the pgvector extension from its official GitHub repository.
  • [REMOTE_CODE_EXECUTION]: During the setup process, the skill clones, builds, and installs the pgvector library from a remote GitHub repository using make and sudo make install at runtime.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Untrusted data enters the system through the onMessage event in bot.js. The skill lacks explicit sanitization or boundary markers before processing this data through an LLM and local scripts (runPythonScript in handle_message.js), which have capabilities such as file system and database access.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 02:06 AM