wecom-get-todo-list
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured instructions for interacting with an enterprise todo list API. It uses a defined tool (wecom_mcp) for all operations.
- [PROMPT_INJECTION]: The skill contains strong imperative language (e.g., 'must check details', 'prohibited to skip') to ensure the agent performs the necessary follow-up queries to provide useful data to the user. These instructions are functional in nature and do not attempt to bypass safety guidelines, disregard system prompts, or extract sensitive model information.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission or access to sensitive local file paths was found. The skill uses placeholders for IDs and handles API response data in a standard manner.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or tokens are present in the documentation. All authentication is assumed to be handled by the underlying MCP environment.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download or execution of remote scripts or unverified packages.
Audit Metadata