Skills
skills/stvlynn/qclaw-skills/wecom-smartsheet-data/Gen Agent Trust Hub

wecom-smartsheet-data

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes data from external Enterprise WeChat Smartsheets, creating a surface for indirect prompt injection.
  • Ingestion points: Data is retrieved using the smartsheet_get_records tool as described in SKILL.md.
  • Boundary markers: No explicit delimiters or specific instructions to ignore embedded commands within the spreadsheet data are present.
  • Capability inventory: The skill includes powerful modification and deletion capabilities, such as smartsheet_add_records, smartsheet_update_records, and smartsheet_delete_records (referenced in SKILL.md).
  • Sanitization: There is no evidence of data sanitization or instruction filtering for the content retrieved from the spreadsheets.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform operations via the wecom_mcp command-line tool to manage document records.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:45 PM