lark-doc
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its ability to ingest and process external document data.
  - Ingestion points: Document and Wiki content is retrieved through the `docs +fetch` shortcut as documented in `references/lark-doc-fetch.md`.
  - Boundary markers: There are no explicit instructions for using delimiters or boundary markers to separate retrieved document content from system prompts or instructions.
  - Capability inventory: The skill allows for significant modifications and creation of resources via `lark-cli` commands like `+create`, `+update`, and `+media-insert`, as detailed in `references/lark-doc-create.md`, `references/lark-doc-update.md`, and `references/lark-doc-media-insert.md`.
  - Sanitization: The provided instructions do not include mechanisms for sanitizing or validating external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill relies on the `lark-cli` tool, which is a required binary specified in the skill metadata. This tool is used to execute all document management tasks, including file system access for media uploads as seen in `references/lark-doc-media-insert.md` and `references/lark-doc-media-download.md`.
Audit Metadata