wecomcli-doc

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill functions by executing the wecom-cli binary with parameters supplied via JSON strings. The agent is instructed to format these commands as wecom-cli doc <tool_name> '<json_params>'. This pattern requires the agent to properly escape user input to prevent shell command injection.
  • [DATA_EXFILTRATION]: The smartpage_create tool (detailed in references/smartpage-create.md) accepts a page_filepath parameter. This capability allows the agent to read files from the local filesystem and upload them to the Enterprise WeChat cloud (doc.weixin.qq.com). While this is the intended functionality for creating documents from local files, it could be leveraged to exfiltrate sensitive data if the agent is tricked into processing unexpected file paths.
  • [PROMPT_INJECTION]: The skill processes document content retrieved from external URLs (via get_doc_content and smartpage_get_export_result), which acts as an indirect prompt injection surface.
    1. Ingestion points: Document content fetched from the WeChat cloud.
    2. Boundary markers: None identified in the skill instructions to distinguish document content from system instructions.
    3. Capability inventory: Filesystem read and upload via wecom-cli, and document modification.
    4. Sanitization: No validation or sanitization of the fetched Markdown content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 05:54 AM