dingtalk-todo
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates and executes bash scripts located in the /tmp directory to perform DingTalk operations.
- [CREDENTIALS_UNSAFE]: DingTalk application secrets and access tokens are stored in plain text in a local configuration file (~/.dingtalk-skills/config).
- [DATA_EXFILTRATION]: Sensitive tokens are written to temporary scripts in the /tmp directory, which is a shared directory on many systems, potentially exposing credentials to other local users.
- [PROMPT_INJECTION]: User-provided inputs such as task titles and descriptions are inserted into shell commands and JSON payloads without sanitization, creating a surface for indirect prompt injection.
- [EXTERNAL_DOWNLOADS]: The skill interacts with official DingTalk API domains (api.dingtalk.com and oapi.dingtalk.com) to manage authentication tokens and task data.
Audit Metadata