wecom-contact-lookup

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill facilitates legitimate contact search operations through the wecom_mcp tool. No malicious code or unauthorized behaviors were detected during analysis.
  • [PROMPT_INJECTION]: No evidence of prompt injection, safety bypass attempts, or instructions to override the agent's core rules was found in the documentation or metadata.
  • [DATA_EXFILTRATION]: The skill processes corporate directory information (names, IDs, aliases). It contains a built-in security check that halts processing if more than 10 contacts are found, which mitigates the risk of large-scale data scraping or exfiltration.
  • [SAFE]: Although the skill processes data from external tool outputs, which could theoretically contain indirect prompt injections (e.g., malicious names), the risk is minimized by the 10-result limit and the simple local filtering logic. Ingestion points: get_userlist output in SKILL.md; Boundary markers: Absent; Capability inventory: Displays search results and maps user IDs for internal workflows; Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 04:45 PM