wecom-smartsheet-api

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/fetch-smartsheet.mjs communicates exclusively with doc.weixin.qq.com, which is the official domain for Enterprise WeChat documents. These network operations are required for the skill's core functionality and target a well-known, trusted service.
  • [PROMPT_INJECTION]: The skill retrieves and processes external spreadsheet data (ingestion point: scripts/fetch-smartsheet.mjs), which creates an inherent surface for indirect prompt injection. While the implementation lacks explicit boundary markers or sanitization, the capability inventory is restricted entirely to printing data to the console with no access to sensitive files, network exfiltration to third parties, or command execution, effectively neutralizing the threat.
  • [SAFE]: The skill manages WeCom session cookies for authentication. The instructions correctly guide users to provide these via environment variables or command-line arguments, adhering to standard security practices for managing session credentials in development tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:57 AM