openlark-api
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the
Bashtool to execute local Python helper scripts (fetch_docpath.pyandvalidate_apis.py). While these are internal project tools, they are invoked with arguments (such as<docPath>URLs) derived from user or external input, which poses a minor risk of command injection if input is not handled securely by the scripts. - [EXTERNAL_DOWNLOADS] (LOW): The
fetch_docpath.pyscript is designed to download content from the Feishu/Lark Open Platform documentation URLs. While the destination is likely restricted to a specific domain, downloading external content for processing is a known attack vector. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface Detected.
- Ingestion points: External API documentation fetched via URL or parsed from HTML files (
references/README.md,SKILL.md). - Boundary markers: Absent. The instructions do not define delimiters or warnings to ignore instructions embedded within the fetched documentation content.
- Capability inventory: The agent has permissions to edit files (
Edit), run local commands (Bash), and read the filesystem (Read,Grep,Glob). - Sanitization: Absent. There is no requirement mentioned to sanitize or validate the content retrieved from external URLs before the LLM processes it for code generation.
Audit Metadata