univer-team-standup
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell-based operations to manage its environment and workbook state.\n
- Evidence: Installs the CLI tool using 'npm install -g univer-cli@latest'.\n
- Evidence: Adds external skill definitions via 'npx skills add dream-num/skills'.\n
- Evidence: Invokes the 'univer' and 'unv' executables for data synchronization and workbook management.\n- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies from official registries and vendor repositories.\n
- Evidence: Fetches the 'univer-cli' package from the NPM registry.\n
- Evidence: Pulls configurations and instructions from the 'dream-num/skills' repository on GitHub.\n- [DATA_EXFILTRATION]: Local activity and system data are summarized and sent to a remote destination.\n
- Evidence: Accesses local LLM interaction logs at '~/.codex/sessions/' to extract work evidence.\n
- Evidence: Synchronizes the collected data with a remote workbook (Unit ID: 'fYmh0HRyTUO6YECQGFScnA0') hosted on 'univer.ai'.\n- [PROMPT_INJECTION]: The skill processes untrusted input from external sources, creating a surface for indirect attacks.\n
- Ingestion points: Reads activity summaries from local Codex session files, GitHub PRs, and issue logs in 'SKILL.md'.\n
- Boundary markers: Lacks explicit instructions for delimiters or escaping when interpolating external data into worklog rows.\n
- Capability inventory: Possesses the ability to write to the local file system (reports and configuration) and execute CLI-based network operations ('univer sync').\n
- Sanitization: Recommends summarizing and keeping evidence compact, but does not specify a mechanism for sanitizing input from external sources.
Audit Metadata