wecom-automation

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn in workflows/handle_message.js and workflows/on_event.js to execute local Python scripts that handle core logic like Q&A, file processing, and notifications. User-controlled strings from message headers and content are passed as arguments to these scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted text, documents (DOCX, PDF), and images from WeChat users and utilizes an LLM to generate responses.
      • Ingestion points: Incoming messages and files are received in bot.js and processed in workflows/handle_message.js and workflows/on_event.js.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within user data passed to LLM-related scripts.
      • Capability inventory: The skill can execute local scripts, manage files in the /tmp directory, and communicate with external APIs (LLM providers and Telegram).
      • Sanitization: No explicit sanitization or filtering of user-provided content is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The installation script install.sh downloads the pgvector source from GitHub and installs dependencies via npm and pip from official registries. Administrative privileges (sudo) are used during the setup process to install system packages and the pgvector database extension.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 09:54 AM