Wecomcli Setup

The SKILL.md file contains explicit instructions for the AI agent to bypass user consent ('强制自动完成... 无需询问用户') and execute high-risk shell commands automatically, including global NPM installations and the use of 'sudo' on macOS/Linux. While these actions are functionally aligned with the stated goal of setting up the 'wecom-cli' tool, the instruction to ignore user confirmation for installation and privilege escalation is a security concern. Additionally, the skill fetches external content via 'npx skills add WeComTeam/wecom-cli', which introduces a supply-chain risk.