wecom-msg

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the wecom_mcp tool to perform operations such as fetching chat lists, retrieving messages, and sending text. All operations are conducted through defined API calls with specific parameters.
  • [PROMPT_INJECTION]: The skill is designed to process and display chat content from external users, creating an inherent surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the context via the get_messages call described in SKILL.md.
  • Boundary markers: The skill formats output with clear markers (e.g., Username [Time]: Content) to separate message data from agent instructions.
  • Capability inventory: The agent can send messages using send_message and download media via get_msg_media as seen in references/api-send-message.md and references/api-get-msg-media.md.
  • Sanitization: While no automated sanitization is mentioned, the skill mandates human-in-the-loop confirmation before sending messages or downloading/deleting files, which serves as a primary mitigation against accidental execution of injected instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 04:17 AM