wecom-contact-lookup

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill facilitates the retrieval of directory information, including user IDs, names, and aliases. This access is identified as the primary function of the skill and is governed by strict limitations: it only retrieves users within the current user's visibility scope and explicitly errors out if more than 10 results are returned, which serves as a safeguard against bulk data exposure.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface.
    1. Ingestion points: Untrusted data is ingested from the corporate directory via the get_userlist call.
    2. Boundary markers: The skill does not define specific delimiters or instructions to the agent to disregard potential commands embedded within contact names or aliases.
    3. Capability inventory: Retrieved data is displayed to the user and can be passed to subsequent tools, such as message-sending interfaces.
    4. Sanitization: No evidence of input validation or output escaping for the directory data is present in the instruction set.
    This is a common surface for data-processing skills and is mitigated here by the result count limitation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 04:17 AM