dingtalk-contact

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core strategy involves the agent generating temporary shell scripts in /tmp/ and executing them via bash to handle complex logic and API interactions. This dynamic script generation and execution pattern is a known security risk, as it can lead to arbitrary command execution if user input is interpolated into the scripts without rigorous validation.
  • [EXTERNAL_DOWNLOADS]: The skill and its utility script (scripts/dt_helper.sh) perform network operations using curl to interact with official DingTalk API endpoints at api.dingtalk.com and oapi.dingtalk.com. These interactions are used for authentication and data retrieval from well-known service domains.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection via user-supplied search terms and identifiers.
    ◦ Ingestion points: User-provided keywords and user/department IDs are ingested into the SEARCH and DETAIL command templates within SKILL.md.
    ◦ Boundary markers: There are no explicit boundary markers or instructions to the agent to escape or ignore potentially malicious instructions embedded in the user data.
    ◦ Capability inventory: The skill has access to powerful system capabilities, including full shell execution and network access through the provided scripts/dt_helper.sh script.
    ◦ Sanitization: The provided shell script logic does not include sanitization or filtering of input variables before they are used in curl commands or temporary script generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 02:58 PM