skills/larksuite/meegle-cli/meegle/Gen Agent Trust Hub

meegle

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the Meego platform by executing shell commands through the meegle CLI as documented in SKILL.md and references/cli-guide.md. This is the primary and intended mechanism for the skill's functionality.
  • [DATA_EXPOSURE]: The skill handles project data and attachments. It includes specific commands for uploading and downloading files (meegle attachment +upload, meegle attachment +download), which are restricted to the context of Meego work items.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes content from work item descriptions and comments that could contain instructions for the agent.
  • Ingestion points: Data enters the context through workitem get, workitem query, and comment list commands as described in SKILL.md and references/misc.md.
  • Boundary markers: The skill employs structured MQL syntax and strict field-value stringification protocols which serve as logical boundaries between instructions and data.
  • Capability inventory: The agent has capabilities to update items, transition nodes, and upload files using the meegle CLI.
  • Sanitization: While the SOPs include rigorous validation of field formats and error self-healing, they do not explicitly specify sanitization of natural language content for embedded instructions.
  • [SAFE]: The skill is authored by larksuite, a recognized vendor. All referenced resources, including domains like meegle.com and feishu.cn, are consistent with the vendor's official infrastructure. No malicious patterns or unauthorized exfiltration attempts were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 21, 2026, 06:20 AM
Security Audit — agent-trust-hub — meegle