wecomcli-manage-smartsheet-data
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the
wecom-clicommand-line utility to perform all Smartsheet operations. This tool is a recognized resource for the WeCom (Enterprise WeChat) platform. - [PROMPT_INJECTION]: The skill processes data from external Smartsheets, which constitutes an indirect prompt injection surface.
- Ingestion points: Data is retrieved from the Smartsheet API through the
smartsheet_get_recordscommand. - Boundary markers: There are no explicit markers used to separate retrieved data from the agent's instructions.
- Capability inventory: The agent has permissions to read, write, and delete records via the
wecom-clitool. - Sanitization: The instructions do not specify any sanitization or validation steps for the data fetched from the sheets.
Audit Metadata