dingtalk-teambition
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill facilitates the management of the TEAMBITION_USER_TOKEN. It supports providing this token via environment variables or a local configuration file (user-token.json). While local storage in plain text is a common pattern for such tools, it represents a standard risk of credential exposure if the project directory is improperly secured or accidentally shared.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Teambition platform, including task titles, comments, and project descriptions.
  - Ingestion points: Data enters the agent context through scripts like query_tasks.py, query_task_detail.py, and render_rtf.py, which fetch and parse task notes and custom fields.
  - Boundary markers: The skill relies on natural separation in its output but does not implement explicit cryptographic boundary markers for the processed data.
  - Capability inventory: The skill's capabilities are limited to making authenticated HTTP requests to the Teambition API (open.teambition.com). It does not perform arbitrary shell command execution or dynamic code evaluation on ingested data.
  - Sanitization: The render_rtf.py script performs basic sanitization by using regular expressions to strip HTML tags and styles from rich text content before presenting it to the agent.
- [EXTERNAL_DOWNLOADS]: The skill downloads project-related files and attachments from official Teambition/Alibaba Cloud OSS domains. These operations are essential to the skill's primary purpose and target trusted service endpoints.
Audit Metadata