dingtalk-cli
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
dwsCLI tool to perform all operations, including authentication checks (dws auth status) and product-specific tasks (e.g.,dws aitable,dws chat). These are standard operational commands for the intended functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted external sources.
- Ingestion points: Untrusted data enters the agent context through commands that read external content, such as
dws chat,dws doc,dws mail, anddws minutes(SKILL.md). - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided to delimit external content from system instructions.
- Capability inventory: The agent has the capability to perform various actions based on instructions, such as sending messages (
dws chat), modifying records (dws aitable), or managing files (dws drive). - Sanitization: There is no mention of sanitization or validation of the retrieved external content before it is processed by the agent.
Audit Metadata