dingtalk-ai-table
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to collect and store sensitive credentials, including `DINGTALK_APP_SECRET` and access tokens, in a local configuration file located at `~/.dingtalk-skills/config`. Storing secrets in plaintext on the filesystem increases the risk of credential exposure.
- [COMMAND_EXECUTION]: The instructions include bash snippets using `curl`, `grep`, and `cut` to handle authentication tokens and automate the conversion of user IDs. Executing shell commands with variables derived from user input or external APIs can be risky if not strictly controlled.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through data processed from external tables.
  - Ingestion points: The agent retrieves records from DingTalk AI Tables using the `/records/list` API endpoint specified in `SKILL.md` and `references/api.md`.
  - Boundary markers: There are no instructions providing delimiters or 'ignore embedded instructions' warnings for the data ingested from the tables.
  - Capability inventory: The skill possesses capabilities to execute shell commands, perform network operations, and write to the local filesystem.
  - Sanitization: No sanitization or validation logic is defined for the content retrieved from the external AI Tables before processing.
Audit Metadata