lark-okr
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes user-controlled OKR content (Objectives, Key Results, Notes) which may contain malicious instructions.
- Ingestion points: External data enters the agent context through tools such as
okr +cycle-detailandobjectives.getdefined in SKILL.md and its references. - Capability inventory: The skill has the capability to modify and delete OKR data via the
lark-cli okrinterface (e.g.,objectives.delete,key_results.patch). - Boundary markers: The instructions do not define any delimiters or system prompts to isolate the user-provided OKR content from the agent's operational instructions.
- Sanitization: No validation, filtering, or escaping of the OKR content is performed before the agent interprets the data.
Audit Metadata