skills/wjxcom/wjx-ai-kit/wjx-mcp-use/Gen Agent Trust Hub

wjx-mcp-use

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external survey respondents.
  • Ingestion points: query_responses (detailed in references/tools-response.md) and query_contacts (detailed in references/tools-other.md) ingest data from potentially adversarial sources.
  • Boundary markers: The skill instructions do not define boundary markers or include directives to ignore embedded instructions in the ingested data.
  • Capability inventory: The skill has high-privilege capabilities including survey deletion (delete_survey), response clearing (clear_responses), and SSO link generation with administrative rights (sso_subaccount_url with admin=1).
  • Sanitization: There are no explicit instructions or tools for sanitizing external content before the agent processes it.
  • [DATA_EXFILTRATION]: The skill provides tools that access and manage sensitive personally identifiable information (PII). Tools such as query_contacts and add_contacts handle user mobile numbers, emails, and passwords. Furthermore, query_responses and download_responses (in references/tools-response.md) give the agent full access to survey submission contents which may contain confidential data.
  • [COMMAND_EXECUTION]: The toolset includes several high-risk administrative operations that can result in irreversible data loss if misused. Tools like clear_responses (in references/tools-response.md), delete_survey, and clear_recycle_bin (in references/tools-survey.md) allow for the permanent deletion of platform resources. Additionally, the skill includes tools for generating single sign-on (SSO) URLs that can grant administrative access to the platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 08:09 AM
Security Audit — agent-trust-hub — wjx-mcp-use