apaas-function-flow
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill documents methods to retrieve Lark integration tokens (e.g.,
defaultTenantAccessToken). While these are credentials, the skill specifically instructs the agent not to log secrets or sensitive payloads, mitigating the risk of exposure. - [PROMPT_INJECTION]: The skill processes external data such as flow results and user task opinions, which constitutes an indirect prompt injection surface.
- Ingestion points: The
opinionfield in user tasks and response objects from flow executions. - Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: The skill allows for function invocation, flow execution, and access token retrieval.
- Sanitization: Safety instructions recommend confirming write operations and verifying record mutations after execution.
- [COMMAND_EXECUTION]: The skill enables the execution of automation flows and cloud functions (
client.function.invoke). These are administrative actions within the aPaaS environment. The skill includes a safety requirement to confirm before triggering production workflows to prevent accidental or malicious misuse.
Audit Metadata