lark-openapi-explorer
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation from the official vendor domains
open.feishu.cnandopen.larksuite.comusing theWebFetchtool to discover API endpoints and specifications. - [COMMAND_EXECUTION]: The skill executes shell commands using the
lark-cli apitool to perform HTTP requests. The paths, methods, and data for these commands are dynamically constructed from the information retrieved in the documentation fetching step. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external documentation at runtime to determine its next actions. If the documentation content were to be compromised, it could potentially influence the agent's behavior.
- Ingestion points: API documentation and index files retrieved via
WebFetchas described inSKILL.md. - Boundary markers: Not present; the agent is instructed to extract information directly from the fetched content without explicit delimiters or safety warnings regarding the source data.
- Capability inventory: The skill utilizes the
lark-cli apicommand (inSKILL.md) which allows for arbitrary HTTP method execution (GET, POST, PUT, DELETE, PATCH) against the platform's API. - Sanitization: No sanitization or validation of the documentation content is performed before it is used to generate CLI commands.
Audit Metadata