wecom-todo

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes an internal tool, 'wecom_mcp', for all task management activities. No unauthorized external network calls or attempts to access sensitive local files (e.g., SSH keys, environment variables) were found.
  • [SAFE]: Security best practices are followed by requiring a 'wecom-preflight' execution to ensure tool authorization before the primary skill logic begins.
  • [SAFE]: The skill includes instructions to seek explicit human confirmation before performing destructive actions (deleting items) or potentially sensitive status changes (rejecting a task).
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface identified:
      ◦ Ingestion points: External data is ingested via the 'content' field retrieved from the 'get_todo_detail' API call in SKILL.md.
      ◦ Boundary markers: None; the retrieved task content is displayed directly to the user without explicit delimiters or 'ignore' instructions.
      ◦ Capability inventory: The skill has read, write, and delete capabilities for tasks and can query the corporate directory via the 'wecom-contact' skill.
      ◦ Sanitization: No specific sanitization, validation, or escaping logic is prescribed for the external task content before it is processed or displayed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 20, 2026, 04:13 PM
Security Audit — agent-trust-hub — wecom-todo