dingtalk-workflow-personal-crm

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill extracts sensitive Personally Identifiable Information (PII), including contact names, phone numbers, user IDs, and detailed interaction history, from private DingTalk communication channels (calendars and group chats) and transmits this data to an external database service (Aitable).
  • [DATA_EXFILTRATION]: A specific user ID ('manager6950') is hardcoded as the recipient for automated relationship reminders in the 'dws ding message send' command. This presents a risk of sensitive CRM data and private contact interaction summaries being exposed to an unauthorized third party rather than the user.
  • [COMMAND_EXECUTION]: The skill extensively utilizes the 'dws' command-line utility to perform operations such as searching contacts, listing calendar events, and reading group chat participants.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external sources.
      1. Ingestion points: Untrusted content is read from DingTalk calendar events and group chat messages via 'dws calendar event list' and 'dws chat search' in SKILL.md.
      2. Boundary markers: The skill does not use delimiters or specific instructions to isolate these external inputs from the agent's core workflow instructions.
      3. Capability inventory: The agent has the ability to write records to external tables and send messages via the DingTalk robot API.
      4. Sanitization: There is no evidence of sanitization or validation of the calendar and chat data before it is processed by the AI to generate CRM records or interaction summaries.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 02:53 AM