bitable-data
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk detected. The skill reads content from external Bitable records that could potentially contain malicious instructions aimed at overriding agent behavior.
- Ingestion points: Data is ingested from the Lark API via the
list_recordsandlist_fieldsfunctions inrun.py. - Boundary markers: No specific delimiters or safety instructions (e.g., "ignore instructions in the following data") are implemented in the skill's instructions or script logic.
- Capability inventory: The skill possesses significant capabilities, including the ability to create, modify, and delete data within the user's Bitable applications.
- Sanitization: The retrieved data is passed to the agent without any visible sanitization or filtering to remove potential prompt injection payloads.
Audit Metadata