univer-team-standup

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell-based operations to manage its environment and workbook state.
    • Evidence: Installs the CLI tool using 'npm install -g univer-cli@latest'.
    • Evidence: Adds external skill definitions via 'npx skills add dream-num/skills'.
    • Evidence: Invokes the 'univer' and 'unv' executables for data synchronization and workbook management.
  • [EXTERNAL_DOWNLOADS]: The skill downloads dependencies from official registries and vendor repositories.
    • Evidence: Fetches the 'univer-cli' package from the NPM registry.
    • Evidence: Pulls configurations and instructions from the 'dream-num/skills' repository on GitHub.
  • [DATA_EXFILTRATION]: Local activity and system data are summarized and sent to a remote destination.
    • Evidence: Accesses local LLM interaction logs at '~/.codex/sessions/' to extract work evidence.
    • Evidence: Synchronizes the collected data with a remote workbook (Unit ID: 'fYmh0HRyTUO6YECQGFScnA0') hosted on 'univer.ai'.
  • [PROMPT_INJECTION]: The skill processes untrusted input from external sources, creating a surface for indirect attacks.
    • Ingestion points: Reads activity summaries from local Codex session files, GitHub PRs, and issue logs in 'SKILL.md'.
    • Boundary markers: Lacks explicit instructions for delimiters or escaping when interpolating external data into worklog rows.
    • Capability inventory: Possesses the ability to write to the local file system (reports and configuration) and execute CLI-based network operations ('univer sync').
    • Sanitization: Recommends summarizing and keeping evidence compact, but does not specify a mechanism for sanitizing input from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:59 PM