dingtalk-workspace-cli

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides installation commands that download and execute scripts from a remote repository via piped shell execution.
  • Evidence: curl -fsSL https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.sh | sh and irm https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.ps1 | iex.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the dingtalk-workspace-cli tool from the NPM registry and its source code from GitHub.
  • Evidence: npm install -g dingtalk-workspace-cli and git clone https://github.com/DingTalk-Real-AI/dingtalk-workspace-cli.git.
  • [COMMAND_EXECUTION]: The agent is instructed to use the --yes or -y flag for automated execution, which bypasses confirmation for potentially destructive operations like deleting calendar events, AITable records, and tasks.
  • Evidence: Documentation recommends using --yes for non-interactive execution by AI agents.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from an enterprise environment that could contain hidden instructions.
  • Ingestion points: DingTalk contact searches, AI table record queries, document searches, chat message lists, and meeting minutes details.
  • Boundary markers: None identified in the prompt instructions to isolate external data from the agent's control logic.
  • Capability inventory: The skill provides full CRUD (Create, Read, Update, Delete) access to calendars, AI tables, todos, and drive files, as well as the ability to send messages via dws chat send.
  • Sanitization: The instructions do not specify any validation or sanitization of data retrieved from DingTalk APIs before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 17, 2026, 03:29 PM