wjx-cli-use
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
wjx-clipackage vianpm install -g wjx-cli. It also features a self-update commandwjx update. Both the package and the tool originate from the vendorwjxcomassociated with the Wenjuanxing platform. - [COMMAND_EXECUTION]: The documentation provides instructions for executing a wide range of shell commands using the
wjxbinary. These commands facilitate survey management, data analytics, and administrative tasks via the platform's OpenAPI. - [PROMPT_INJECTION]: The skill is designed to ingest external data, such as survey responses and metadata, which creates a surface for indirect prompt injection.
- Ingestion points:
wjx response query,wjx response report, andwjx survey getas described inSKILL.mdandreferences/response-commands.md. - Boundary markers: The instructions do not currently include explicit delimiters or warnings for the agent to ignore instructions embedded within the fetched survey data.
- Capability inventory: The agent has access to sensitive capabilities including
wjx survey delete,wjx response clear, andwjx contacts deleteas detailed in the reference files. - Sanitization: No specific data sanitization or validation logic is defined within the skill's instructions.
Audit Metadata