Skills
skills/breath57/dingtalk-skills/dingtalk-ai-table/Gen Agent Trust Hub

dingtalk-ai-table

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions provide shell command templates using curl, grep, and cut to automate token retrieval and user identity conversion.
  • [CREDENTIALS_UNSAFE]: Instructions direct the agent to persist sensitive information, including the DINGTALK_APP_SECRET and access tokens, in a plain-text configuration file at ~/.dingtalk-skills/config.
  • [DATA_EXFILTRATION]: The skill requires the transmission of sensitive application credentials and internal identifiers to official DingTalk API domains for service interaction.
  • [PROMPT_INJECTION]: The skill ingests data from table records via the records/list endpoint (SKILL.md) and possesses command execution capabilities (curl), with no boundary markers or sanitization logic defined, creating a surface for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 02:54 PM