lark-contact
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the lark-cli contact tool to perform search and retrieval operations within the Lark organizational directory. These operations are within the stated scope of managing workplace communications and calendar scheduling.
- [DATA_EXFILTRATION]: The skill facilitates access to employee contact information, including emails, phone numbers, and unique identifiers (open_id). This is the primary function of the skill and is executed through vendor-provided tooling (lark-cli) targeting internal organizational data.
- [SAFE]: The instructions explicitly guide the agent on 'Disambiguation,' specifically directing it not to automatically select the first result when multiple employees share a name, but instead to present choices to the user. This reduces the risk of incorrect data usage in downstream tasks like sending messages or calendar invites.
Audit Metadata