wecomcli-edit-todo
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'wecom-cli' binary to perform create, update, delete, and status change operations on WeCom todo items. User-provided data is passed as a JSON string argument to the shell command.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because untrusted data from user requests is interpolated into shell commands. \n
- Ingestion points: User-provided todo content, reminder times, and follower IDs provided in SKILL.md. \n
- Boundary markers: Absent. \n
- Capability inventory: Shell command execution via 'wecom-cli' in SKILL.md. \n
- Sanitization: Absent; the instructions do not specify how to escape or validate user-provided strings before including them in the JSON payload for the CLI.
Audit Metadata