lark-doc

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the lark-cli binary to perform operations on the Lark/Feishu platform.
      • Evidence: SKILL.md frontmatter lists lark-cli in its required binaries.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to the way it handles external document content.
      • Ingestion points: The lark-cli docs +fetch command, documented in references/lark-doc-fetch.md, retrieves untrusted Markdown content from the Lark platform into the agent's context.
      • Boundary markers: The skill instructions do not prescribe the use of boundary markers or 'ignore embedded instructions' prompts when handling the fetched content.
      • Capability inventory: The skill has extensive capabilities including document creation (docs +create), updates (docs +update), media insertion (docs +media-insert), and searching (docs +search), which could be leveraged if an agent follows instructions embedded in fetched data.
      • Sanitization: No sanitization or content validation is performed on the retrieved document content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:03 AM