lark-im
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
lark-clibinary to interact with the Lark platform. This is the intended behavior and follows the platform's execution model for vendor-provided tools. - [DATA_EXFILTRATION]: While the skill allows downloading files and fetching message content from Lark, these operations are authenticated via the user's or bot's credentials and are directed to the local environment or authorized Lark servers. No unauthorized data exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and renders content from external chat messages (via
+chat-messages-list,+messages-search, etc.). Malicious actors in a chat could send messages designed to influence the agent's behavior. - Ingestion points:
+chat-messages-list,+messages-search, and+threads-messages-listfetch external message data into the agent's context. - Boundary markers: The skill documentation instructs the agent to render messages for inspection but does not explicitly define strict boundary markers to separate untrusted message content from system instructions.
- Capability inventory: The agent has capabilities to send messages, manage group chats, and download files using the provided shortcuts.
- Sanitization: No explicit sanitization of the retrieved message content is performed before it is presented to the agent's reasoning process.
Audit Metadata