Skills
skills/stvlynn/qclaw-skills/wecom-meeting-query/Gen Agent Trust Hub

wecom-meeting-query

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill exposes sensitive credentials and personally identifiable information (PII) retrieved from the Enterprise WeChat API to the agent's context.\n
  • Evidence: The get_meeting_info command returns highly sensitive fields including password (meeting password), host_key (host secret key), and phone_number (guest mobile numbers) in the guests array.\n
  • Context: While necessary for the skill's purpose, the direct exposure of host keys and passwords to the LLM context without explicit masking or access control increases the risk of accidental or malicious disclosure of credentials.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from the meeting platform.\n
  • Ingestion points: Untrusted data enters the agent context through meeting titles (title) and descriptions (description) fetched via the get_meeting_info tool in SKILL.md.\n
  • Boundary markers: Absent. The instructions do not define delimiters or provide specific warnings to the agent to disregard instructions embedded within meeting metadata.\n
  • Capability inventory: The agent can use the wecom_mcp tool to perform further actions, which could be influenced by malicious instructions in a meeting description.\n
  • Sanitization: Absent. There is no evidence of filtering or validation for the content of meeting details before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:45 PM