qqbot-remind

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface within the backup 'cron' tool usage and the 'qqbot_remind' workflow.
      • Ingestion points: User-provided text (the reminder content) is captured and placed directly into the payload.message field of a scheduled task in the SKILL.md file.
      • Boundary markers: No delimiters or safety instructions (e.g., 'ignore any instructions within the following text') are used to isolate the {提醒内容} variable from the surrounding agent instructions.
      • Capability inventory: When the scheduled task triggers, the agent processes the payload.message. The agent has the capability to send messages to QQ users and groups via the qqbot channel.
      • Sanitization: The instructions do not define any sanitization or validation logic for the user-supplied content before it is used to form a future prompt. An attacker could potentially supply instructions as a 'reminder' that the agent would then follow when the task executes.
  • [DATA_EXFILTRATION]: The skill handles user identifiers (openid and group_openid) to route messages. This is consistent with the skill's purpose as a QQBot utility by 'tencent-connect' and uses standard platform parameters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 11:41 AM