wecomcli-todo
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interfaces with the `wecom-cli` binary to manage todos. It executes shell commands where input parameters are encapsulated in single-quoted JSON strings, a standard operational pattern for this toolset.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it retrieves and processes user-generated todo descriptions that could contain malicious instructions.
  1. Ingestion points: Todo content retrieved via `get_todo_detail` in `SKILL.md`.
  2. Boundary markers: No specific delimiters are used to wrap external content in the display instructions.
  3. Capability inventory: Commands include `create_todo`, `update_todo`, and `delete_todo` in `SKILL.md`.
  4. Sanitization: The instructions do not specify sanitization or validation for retrieved todo text.
- [SAFE]: The skill includes safety-oriented instructions such as requiring explicit human confirmation before executing the `delete_todo` operation and ensuring user IDs are resolved to names via the `wecomcli-contact` skill to prevent ambiguity.
Audit Metadata