dingtalk-workflow-social-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
dwsCLI tool to interact with DingTalk Aitable. This includes administrative operations like creating bases, tables, and fields, as well as data-level operations like creating, querying, and updating records. These commands are integral to the stated purpose of the skill.\n- [EXTERNAL_DOWNLOADS]: The skill incorporates an AI-driven WebSearch capability to retrieve public subscriber and engagement data from social media platforms and analytics sites like Social Blade. This data is used to populate daily snapshots.\n- [PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection because it ingests and processes untrusted data from the open web to generate summaries and bot notifications.\n - Ingestion points: External data retrieved via WebSearch from social media platforms and third-party profile analytics pages.\n
- Boundary markers: The skill does not implement specific boundary markers or 'ignore' instructions to isolate retrieved web data from its processing logic.\n
- Capability inventory: The skill has the ability to write records to Aitable and send automated messages to users or groups via the
send-by-botcommand.\n - Sanitization: There is no documented logic for sanitizing or validating external content before it is parsed by the AI or written to the database.
Audit Metadata