dingtalk-channel-rules
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'dws' CLI tool for all DingTalk-related business operations, such as managing documents, calendars, and tasks. This is the intended functional design for the vendor's ecosystem.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection. 1. Ingestion points: User requests via the DingTalk interface. 2. Boundary markers: None specified. 3. Capability inventory: The 'dws' tool provides broad capabilities including document manipulation, calendar access, and message broadcasting. 4. Sanitization: The instructions do not explicitly detail sanitization steps for user-provided strings passed to the CLI.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for bot credential management by extracting the 'clientId' from the runtime session context. This is a standard and secure approach to handle multi-tenant bot identities without hardcoding sensitive tokens.
Audit Metadata