lark-whiteboard
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on various shell-based tools, including `lark-cli` for interacting with the Lark platform and `npx` for running the `@larksuite/whiteboard-cli` utility package.
- [REMOTE_CODE_EXECUTION]: To handle complex geometric calculations for diagrams like Fishbone, Funnel, and Flywheel charts, the skill instructs the agent to generate CommonJS (`.cjs`) scripts at runtime. These scripts are then executed using `node` to produce JSON data for the whiteboard (e.g., as described in `routes/dsl.md` and several files in `scenes/`). While the scripts are based on provided templates, the execution of AI-generated code on the local system represents a notable security surface.
- [EXTERNAL_DOWNLOADS]: The skill's image preparation workflow (`references/image.md`) involves using `curl` to download images from external URLs or third-party image libraries. These images are then uploaded to Lark's media service.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its read-process-write cycle.
  - Ingestion points: Data is ingested from external whiteboards via the `lark-cli whiteboard +query` command (`references/lark-whiteboard-query.md`).
  - Boundary markers: The instructions do not specify the use of delimiters or specific warnings to ignore instructions embedded within the whiteboard content during processing.
  - Capability inventory: The environment includes shell access (`lark-cli`, `node`, `npx`, `curl`), file system write access for output products, and network access via the Lark CLI and `curl`.
  - Sanitization: Validation steps like the `--check` flag for SVG rendering are used to ensure layout integrity, but no security-focused sanitization of external content is mentioned.
Audit Metadata