email-lark
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates with the official Feishu (Lark) API at open.feishu.cn. Network activity targeting well-known services for their intended purpose is considered safe.
- [SAFE]: Sensitive credentials such as the LARK_TENANT_TOKEN are retrieved from environment variables rather than being hardcoded in the source code.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were found in the scripts or metadata.
- [SAFE]: Although the skill ingests data from external API responses (e.g., group names and descriptions), it lacks high-risk capabilities like command execution or file system writing, which mitigates the risk of indirect prompt injection.
Audit Metadata