Skills
skills/wecomteam/wecom-cli/wecomcli-lookup-contact/Gen Agent Trust Hub

wecomcli-lookup-contact

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the wecom-cli contact get_userlist '{}' command to retrieve directory information from the WeCom environment.
  • [DATA_EXPOSURE]: The skill handles sensitive organizational data, specifically employee names, user IDs, and aliases. This access is consistent with the skill's primary purpose and is restricted by the user's permissions and a 10-member safety limit defined in the instructions.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data originating from an external command-line tool.
  • Ingestion points: Results from the wecom-cli contact get_userlist command referenced in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution using the wecom-cli binary.
  • Sanitization: The skill assumes a structured JSON response from the vendor's tool.
  • [SAFE]: All identified operations and resource references (such as wecom-cli) are associated with the official vendor 'WeComTeam' and align with the skill's stated utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:08 PM