lark-mail
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates high-priority safety instructions to guard against prompt injection. It explicitly directs the agent to treat email bodies, subjects, and sender information as untrusted data and to ignore any commands contained within. The static analysis flag for 'ignore instructions' is a false positive, as the text is a defensive measure preventing the override of system safety by external email data.
- [DATA_EXFILTRATION]: While the skill manages sensitive communication, it includes strict guardrails against unauthorized data transmission. Sending, replying, and forwarding operations default to creating drafts, and the agent is strictly forbidden from executing a final send without the user's explicit consent after reviewing the recipients and content summary.
- [COMMAND_EXECUTION]: All email operations are conducted through the 'lark-cli' tool. The skill does not perform any arbitrary shell command execution or unsafe interpolation of external data into command strings.
Audit Metadata