wecom-doc
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions include a directive to monopolize document-related tasks, specifically telling the agent to use this skill for all such requests and not to attempt handling them in other ways. Additionally, a surface for indirect prompt injection exists:
  - Ingestion points: The skill reads content and metadata from WeCom documents and smart sheets (SKILL.md).
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded content in the processed document data.
  - Capability inventory: Includes shell command execution (via mcporter and npm), sensitive file access (cat ~/.openclaw/wecomConfig/config.json), and network configuration management.
  - Sanitization: Absent; the instructions do not specify any validation or sanitization of external document content before processing.
- [COMMAND_EXECUTION]: The skill extensively uses shell commands for environment discovery and tool management, including 'npm install -g mcporter' for tool installation, 'which mcporter' for verification, and various 'mcporter' and 'openclaw' CLI calls for configuration. It also dynamically constructs and executes tool calls using arguments derived from runtime interactions.
- [DATA_EXFILTRATION]: The skill reads from the local file system to access configuration data, specifically targeting '~/.openclaw/wecomConfig/config.json' to obtain MCP server configuration details such as URLs and types. It also queries the local 'openclaw' configuration to retrieve the 'botId' for authorization purposes.
- [EXTERNAL_DOWNLOADS]: The skill metadata and instructions define a process for downloading and installing the 'mcporter' package from the public npm registry to the local system, which is required for the skill's operations.
Audit Metadata