Skills
skills/wecomteam/wecom-cli/wecomcli-get-meeting/Gen Agent Trust Hub

wecomcli-get-meeting

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is developed by 'WeComTeam' and utilizes its own official tool, wecom-cli. The operations performed are consistent with the skill's description for managing enterprise meetings.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands through the wecom-cli binary. It passes user-provided parameters (such as dates and meeting IDs) encapsulated within JSON strings to the binary.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from meeting fields.
  • Ingestion points: SKILL.md (via get_meeting_info output) reads meeting titles, descriptions, and participant names.
  • Boundary markers: Absent in the provided templates.
  • Capability inventory: Shell command execution via the wecom-cli binary.
  • Sanitization: No explicit sanitization of retrieved meeting metadata is described before it is presented to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:08 PM