wecomcli-smartpage

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The smartpage_create command takes a page_filepath parameter that allows the agent to read the contents of local files and upload them to the WeCom service (doc.weixin.qq.com). This capability could be used to exfiltrate sensitive data if the agent is tricked into reading paths such as configuration or credential files.
  • [COMMAND_EXECUTION]: The skill functions by executing the wecom-cli system binary to perform all document management tasks, passing user-influenced JSON arguments to the command line.
  • [PROMPT_INJECTION]: The smartpage_get_export_result tool retrieves Markdown content from remote SmartPages and injects it directly into the agent's context. This creates an indirect prompt injection surface where instructions embedded in a shared document could manipulate the agent's behavior.
  • Ingestion points: smartpage_get_export_result (returns document text in the content field).
  • Boundary markers: Absent. There are no instructions or delimiters to isolate the retrieved content from the agent's primary instructions.
  • Capability inventory: Local file system access and remote document creation via wecom-cli.
  • Sanitization: Absent. No validation or filtering of the fetched Markdown is performed before it is added to the context.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 2, 2026, 06:52 AM
Security Audit — agent-trust-hub — wecomcli-smartpage