skills/dtyq/magic/connecting-im-bot/Gen Agent Trust Hub

connecting-im-bot

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses run_skills_snippet in its reference files (reference/dingtalk.md, reference/lark.md, reference/wecom.md) to execute Python code that invokes connection tools. This code dynamically interpolates user-provided credentials—such as Client Secret, App Secret, and Bot Secret—directly into the tool arguments.
  • [PROMPT_INJECTION]: The skill sets up an indirect prompt injection surface by connecting the agent to external messaging platforms where untrusted users can send inputs.
      • Ingestion points: Incoming messages from connected IM platforms (DingTalk, Lark, WeCom) via WebSocket as described in SKILL.md.
      • Boundary markers: No explicit markers or delimiters are defined to isolate incoming messages from the agent's system instructions.
      • Capability inventory: The skill allows the execution of Python snippets and tool calls via run_skills_snippet (documented across all files).
      • Sanitization: There is no evidence of sanitization or filtering of external messages before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 12:27 PM