wecom-doc-manager
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes content from external WeChat Work documents.
- Ingestion points: External data enters the agent context via the get_doc_content tool as described in references/api-export-document.md.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched content as untrusted or to ignore embedded instructions.
- Capability inventory: The agent possesses the capability to modify and create documents through the create_doc and edit_doc_content tools, which could be exploited if the agent obeys instructions found within a read document.
- Sanitization: No validation or sanitization of the Markdown content is specified before processing.
- [COMMAND_EXECUTION]: The skill relies on calling the wecom_mcp command-line tool to perform document operations. While this is the intended functionality, it involves the agent executing specific formatted commands.
- [SAFE]: No other high-risk patterns such as hardcoded credentials, obfuscation, or unauthorized network exfiltration were detected. All external URL references target official WeChat Work domains (doc.weixin.qq.com).
Audit Metadata