DingTalk API
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle is designed to interact with the DingTalk API for user, department, messaging, and approval management. All code consistently calls official DingTalk API endpoints (`oapi.dingtalk.com`, `api.dingtalk.com`) after obtaining an access token using `DINGTALK_APP_KEY` and `DINGTALK_APP_SECRET` from environment variables. There is no evidence of data exfiltration to unauthorized third parties, persistence mechanisms, arbitrary shell execution beyond the intended `npx ts-node` invocations, or prompt injection attempts in `SKILL.md` or `README.md` to mislead the agent into malicious actions. The dependencies in `package-lock.json` are standard for the stated functionality. Input arguments are passed directly to DingTalk API parameters, which is expected for an API client and does not introduce vulnerabilities within the skill itself.
