lark-conversation-governor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's source code or metadata. The logic implemented matches the stated purpose of conversation governance.
- [SAFE]: The skill handles user-provided text to identify stop signals and format messages. This data ingestion is handled purely through string operations without passing data to dangerous functions like
eval()or shell commands, neutralizing indirect injection risks. - [SAFE]: System path modifications and dynamic module loading observed in the test files are restricted to local paths for the purpose of module importing and testing.
- [SAFE]: Time-based logic using
time.localtime()is used appropriately to implement the 'quiet hours' feature, which is the primary intended function of the skill.
Audit Metadata