wecomcli-smartpage
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `smartpage_create` command takes a `page_filepath` parameter that allows the agent to read the contents of local files and upload them to the WeCom service (doc.weixin.qq.com). This capability could be used to exfiltrate sensitive data if the agent is tricked into reading paths such as configuration or credential files.
- [COMMAND_EXECUTION]: The skill functions by executing the `wecom-cli` system binary to perform all document management tasks, passing user-influenced JSON arguments to the command line.
- [PROMPT_INJECTION]: The `smartpage_get_export_result` tool retrieves Markdown content from remote SmartPages and injects it directly into the agent's context. This creates an indirect prompt injection surface where instructions embedded in a shared document could manipulate the agent's behavior.
  - Ingestion points: `smartpage_get_export_result` (returns document text in the `content` field).
  - Boundary markers: Absent. There are no instructions or delimiters to isolate the retrieved content from the agent's primary instructions.
  - Capability inventory: Local file system access and remote document creation via `wecom-cli`.
  - Sanitization: Absent. No validation or filtering of the fetched Markdown is performed before it is added to the context.
Audit Metadata