lark-sheets
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the lark-cli to perform all spreadsheet-related operations, including reading cell data, writing values, managing filter views, and exporting files.
- [SAFE]: Implements secure file handling for image uploads in
references/lark-sheets-media-upload.md, where the CLI restricts file paths to relative paths within the current working directory, preventing arbitrary file access. - [SAFE]: Includes explicit safety warnings (CAUTION blocks) for all destructive or modification operations such as deleting dimensions, replacing values, and merging cells, instructing the agent to confirm user intent before execution.
- [SAFE]: Indirect Prompt Injection Surface: The skill provides capabilities to read spreadsheet contents (
+read,+find). While this introduces a standard attack surface where external data enters the agent context, the skill is a functional utility for the Lark platform and relies on existing agent guardrails for processing untrusted content. - [SAFE]: Permission management features are included, such as automatically granting management permissions to the user when a resource is created by a bot, which is a legitimate part of the platform's access control workflow.
Audit Metadata