wecomcli-edit-meeting
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates meeting management by executing the
wecom-clibinary with structured JSON parameters. This is the intended functional mechanism of the tool and is performed locally on the user's system. - [DATA_EXPOSURE]: The skill interacts with enterprise meeting data and contact lists (e.g., meeting IDs, user IDs, and names). This access is necessary for the stated purpose of meeting management and occurs within the authenticated context of the Enterprise WeChat environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as meeting titles and user descriptions returned from previous tool calls. While this constitutes a standard vulnerability surface for indirect prompt injection, the data source is the enterprise's own internal system, and the skill correctly uses JSON structures to handle parameters.
Audit Metadata