wecom-edit-todo
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security model for task management by enforcing user confirmation for 'delete_todo' operations and status changes to 'rejected'.
- [SAFE]: All operations are scoped to the 'wecom_mcp' tool, which requires a preflight check ('wecom-preflight') to verify authorization before execution.
- [SAFE]: Identification logic is hardened against unauthorized access by requiring 'userid' and 'todo_id' to be fetched from trusted lookup and list skills ('wecom-contact-lookup', 'wecom-get-todo-list') rather than accepting unverified user-provided identifiers.
- [SAFE]: Instructions for error handling and data formatting (e.g., specific timestamp formats and JSON structures) are standard for API-based agent skills and do not present security risks.
Audit Metadata