lark-event
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by subscribing to and processing untrusted data from external Lark events.
- Ingestion points: Data is ingested through the `lark-cli event +subscribe` command, which monitors event types such as `im.message.receive_v1` (documented in `SKILL.md` and `references/lark-event-subscribe.md`).
- Boundary markers: There is no mention or requirement for delimiters or 'ignore' instructions to prevent the agent from acting on commands hidden within user-supplied content in the provided documentation or examples.
- Capability inventory: The agent can interact with Lark APIs (`lark-cli api`) and documents (`lark-cli docs`), potentially allowing an external attacker to influence these actions via injected messages.
- Sanitization: The skill instructions do not describe any sanitization, escaping, or validation of the event payload before it is used in downstream tasks.
Audit Metadata