dingtalk-workflow-meeting-todo
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands via the dws CLI tool to perform operations such as listing calendar events, creating tasks, and managing aitable records.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its processing of meeting descriptions. 1. Ingestion points: Event descriptions are retrieved from DingTalk using the dws calendar event get command. 2. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the extracted description content. 3. Capability inventory: The skill can create DingTalk tasks (dws todo task create), write to aitable databases (dws aitable record create), and send DING messages (dws ding message send). 4. Sanitization: No sanitization or validation of the extracted description content is performed before processing.
Audit Metadata