pdca
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external documentation to manage projects.
  - Ingestion points: The agent reads project data and task descriptions from Feishu Wiki documents and Bitable tables (e.g., via the `feishu_fetch_doc` command in `assets/references/cron-driving.md`).
  - Boundary markers: The instructions do not define specific delimiters or warnings to ignore instructions embedded in the external documentation.
  - Capability inventory: The skill has access to Feishu tools for creating and updating documents, managing database records, and sending messages to users.
  - Sanitization: No specific sanitization logic is provided for the external content before it is processed by the AI.
- [EXTERNAL_DOWNLOADS]: The README and installation guides reference the download and installation of official and vendor-owned packages from the npm registry, such as `@openclaw/plugin-lark` and `@feng-h/pdca-skill`. These are standard dependencies required for the skill's legitimate integration with the Feishu platform.
Audit Metadata