dingtalk-workflow-content-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill retrieves information from external web searches and technical documentation which could contain adversarial content intended to influence agent behavior.
      • Ingestion points: Data entering the context via WebSearch and DingTalk devdoc searches.
      • Boundary markers: The instructions do not define delimiters to separate untrusted research data from the core logic.
      • Capability inventory: The skill has the ability to write to Aitable databases, create tasks in DingTalk, and send automated chat messages.
      • Sanitization: There is no mention of content filtering or validation of external data before processing.
  • [COMMAND_EXECUTION]: Orchestrates operations using the dws CLI tool to interact with enterprise databases and project management features. These commands are structured and aligned with the skill's documented workflow for content pipeline automation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 02:52 AM