wjx-mcp-use
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external survey respondents.
- Ingestion points:
query_responses(detailed inreferences/tools-response.md) andquery_contacts(detailed inreferences/tools-other.md) ingest data from potentially adversarial sources. - Boundary markers: The skill instructions do not define boundary markers or include directives to ignore embedded instructions in the ingested data.
- Capability inventory: The skill has high-privilege capabilities including survey deletion (
delete_survey), response clearing (clear_responses), and SSO link generation with administrative rights (sso_subaccount_urlwithadmin=1). - Sanitization: There are no explicit instructions or tools for sanitizing external content before the agent processes it.
- [DATA_EXFILTRATION]: The skill provides tools that access and manage sensitive personally identifiable information (PII). Tools such as
query_contactsandadd_contactshandle user mobile numbers, emails, and passwords. Furthermore,query_responsesanddownload_responses(inreferences/tools-response.md) give the agent full access to survey submission contents which may contain confidential data. - [COMMAND_EXECUTION]: The toolset includes several high-risk administrative operations that can result in irreversible data loss if misused. Tools like
clear_responses(inreferences/tools-response.md),delete_survey, andclear_recycle_bin(inreferences/tools-survey.md) allow for the permanent deletion of platform resources. Additionally, the skill includes tools for generating single sign-on (SSO) URLs that can grant administrative access to the platform.
Audit Metadata