lark-im
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
lark-clitool to interact with the Lark Open Platform. All commands and API interactions are consistent with the documented purpose of the skill and utilize standard parameters. - [DATA_EXFILTRATION]: The skill provides tools for downloading images and files. It includes explicit security instructions in
lark-im-messages-resources-download.mdto prevent path traversal by restricting output to relative paths and strictly forbidding the use of '..' in file paths. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data from external chat messages. However, the risk is mitigated through design:
- Ingestion points: External message content is retrieved via the
+chat-messages-list,+threads-messages-list, and+messages-searchshortcuts. - Boundary markers: The instructions encourage the use of structured JSON output (
--format json) to help the agent distinguish between data and control instructions. - Capability inventory: The skill can send messages (
+messages-send), reply to messages (+messages-reply), and download files (+messages-resources-download). - Sanitization: Mandatory 'Safety Constraints' are included in the instructions, requiring the agent to obtain explicit user approval for recipient, content, and identity before executing any send or reply actions.
Audit Metadata