Skills
skills/liangdabiao/dingtalk-cli-workflow/dingtalk-workflow-stock-analyzer/Gen Agent Trust Hub

dingtalk-workflow-stock-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via the dws CLI to interact with Aitable and DingTalk services (e.g., dws aitable table create, dws ding message send).
  • [DATA_EXFILTRATION]: The skill manages sensitive financial data including portfolio holdings, costs, and profit calculations. This data is transmitted to Aitable and can be sent as messages via DingTalk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from web-based data. 1. Ingestion points: WebSearch retrieves news and analysis from third-party sites. 2. Boundary markers: None present. 3. Capability inventory: Writing to Aitable and sending DingTalk messages. 4. Sanitization: No evidence of input validation for retrieved web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 02:53 AM