wecom-get-todo-list

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the 'wecom_mcp' tool to perform calls to the Enterprise WeChat API for retrieving todo lists and specific task details.
  • [SAFE]: The tool 'wecom_mcp' and associated skills are identified as vendor-owned resources within the 'WecomTeam' ecosystem.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the WeCom API, which constitutes an ingestion point for untrusted content.
      1. Ingestion points: Data is received from 'get_todo_list' and 'get_todo_detail' API responses.
      2. Boundary markers: Absent; there are no specific instructions to the agent to treat API strings as non-executable data.
      3. Capability inventory: The skill uses 'wecom_mcp' for network-based API interactions.
      4. Sanitization: Absent; the skill passes data directly from the API to the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 04:17 AM