lark-sheets
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
lark-clibinary to perform all spreadsheet operations. This is the intended design for the agent to interface with the Lark platform. - [DATA_EXFILTRATION]: The
+exportfunctionality allows the agent to download spreadsheet content to a local file path. This is a standard feature for spreadsheet management and is documented clearly for the user. - [PROMPT_INJECTION]: The instructions use strong directional language (e.g., 'CRITICAL', 'MUST', 'IMPORTANT') to ensure the agent follows specific authentication and permission handling procedures. These instructions are functional guardrails rather than attempts to bypass security filters.
- [SAFE]: The skill is authored by 'larksuite' and uses official vendor tools and domains. No evidence of obfuscation, credential exposure, or unauthorized persistence was found.
Audit Metadata