lark-workflow-meeting-summary
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
lark-clibinary to perform administrative and data retrieval tasks such as searching meeting history, fetching notes, and managing cloud documents. It also uses the systemdatecommand for calculating relative time ranges (e.g., 'today', 'last week'). these operations are standard for the skill's stated productivity purpose. - [EXTERNAL_DOWNLOADS]: The skill requires the
lark-clibinary as a prerequisite. This is a vendor-provided tool required to interact with the Lark (Feishu) platform APIs. - [DATA_EXFILTRATION]: The workflow involves reading meeting metadata and document tokens. However, all data access is scoped to the authenticated Lark user's permissions and processed within the intended Lark environment via the vendor's CLI. No unauthorized external network calls were detected.
- [PROMPT_INJECTION]: The skill acts as an aggregator for meeting notes and transcripts, which represents an indirect prompt injection surface.
- Ingestion points: Meeting notes and verbatim transcripts retrieved via
lark-cli vc +notes. - Boundary markers: Not explicitly defined in the provided workflow steps.
- Capability inventory: The skill has the ability to write/update documents via
lark-cli docs +createandlark-cli docs +update. - Sanitization: No specific sanitization or filtering of the retrieved meeting content is mentioned before it is processed into a report.
Audit Metadata