meegle
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the Meego platform by executing shell commands through the
meegleCLI as documented in SKILL.md and references/cli-guide.md. This is the primary and intended mechanism for the skill's functionality. - [DATA_EXPOSURE]: The skill handles project data and attachments. It includes specific commands for uploading and downloading files (
meegle attachment +upload,meegle attachment +download), which are restricted to the context of Meego work items. - [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes content from work item descriptions and comments that could contain instructions for the agent.
- Ingestion points: Data enters the context through
workitem get,workitem query, andcomment listcommands as described in SKILL.md and references/misc.md. - Boundary markers: The skill employs structured MQL syntax and strict field-value stringification protocols which serve as logical boundaries between instructions and data.
- Capability inventory: The agent has capabilities to update items, transition nodes, and upload files using the
meegleCLI. - Sanitization: While the SOPs include rigorous validation of field formats and error self-healing, they do not explicitly specify sanitization of natural language content for embedded instructions.
- [SAFE]: The skill is authored by
larksuite, a recognized vendor. All referenced resources, including domains likemeegle.comandfeishu.cn, are consistent with the vendor's official infrastructure. No malicious patterns or unauthorized exfiltration attempts were detected.
Audit Metadata