Skills
skills/wecomteam/wecom-openclaw-plugin/wecom-msg/Gen Agent Trust Hub

wecom-msg

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from WeCom chat messages.
  • Ingestion points: Message content is retrieved via the get_messages API defined in references/api-get-messages.md.
  • Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore instructions embedded within the chat data.
  • Capability inventory: The agent has the capability to send messages (send_message in references/api-send-message.md) and perform file system operations like renaming and deleting files (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of the incoming message content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill performs file system management tasks based on external data.
  • Evidence: In SKILL.md, the workflow for handling non-text messages involves downloading files to a local_path, checking file extensions against content_type, and renaming files. It also includes a step to delete these files upon user request.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 12:50 AM