wecomcli-manage-schedule
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the enterprise system by executing the wecom-cli binary. It passes structured JSON data as arguments to perform operations like creating, updating, or deleting schedules.
- [DATA_EXPOSURE]: The instructions include a dedicated privacy rule that explicitly forbids exposing internal userid strings to the user. It directs the agent to resolve these identifiers to human-readable names using a separate lookup skill, which is a security best practice for data minimization.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves schedule summaries and descriptions that are user-controllable. This constitutes a potential indirect prompt injection surface where malicious instructions embedded in schedule data could attempt to influence agent behavior during processing.
  - Ingestion points: The get_schedule_detail API provides schedule titles and descriptions to the agent context.
  - Boundary markers: The instructions do not define specific delimiters to isolate retrieved schedule text from the agent's control logic.
  - Capability inventory: The agent has the ability to manage schedules (create, modify, cancel) and look up contacts using the provided CLI tools.
  - Sanitization: There are no instructions for the agent to sanitize or validate the content of the schedule summaries before processing them.
Audit Metadata