get-qiwei-message
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements its documented purpose of querying chat records from a specific API gateway without any hidden or suspicious behavior.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill correctly instructs the user to configure sensitive information such as
QIWEI_OPEN_APP_KEYandQIWEI_OPEN_CORP_IDthrough environment variables. - [DATA_EXFILTRATION]: The skill accesses sensitive chat data, but this is its primary stated functionality. The data is sent to and retrieved from a specific corporate gateway (
gateway.test.xdf.cn) and is not exfiltrated to unauthorized third-party domains. - [PROMPT_INJECTION]: The skill processes external chat data, creating a surface for indirect prompt injection.
- Ingestion points:
scripts/get_qiwei_message.pyfetches chat message content from the remote WeCom API. - Boundary markers: None present; the script returns raw JSON data from the API response to the agent context.
- Capability inventory: The skill has the ability to perform network POST requests and read local JSON files.
- Sanitization: No sanitization or filtering of the retrieved chat message content is performed before processing.
Audit Metadata