drive-file
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of external data from Lark Drive.
  - Ingestion points: Metadata such as file and folder names are retrieved from the Lark API in the `list_files` function within `run.py` and presented to the agent.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the retrieved file data. Furthermore, the `SKILL.md` instructions explicitly tell the agent to "prohibit interactive menus" and "directly execute the most reasonable operation," which increases the risk of the agent obeying instructions found in file names.
  - Capability inventory: The skill includes high-impact capabilities such as `delete_file` (irreversible deletion) and `create_folder`, as implemented in `run.py`.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the file names or folder tokens before they are processed by the agent or used in subsequent API calls.
Audit Metadata