lark-workflow-standup-report
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
lark-clito interact with Lark/Feishu calendar and task services. These commands are necessary for the skill's intended workflow and are documented as requiring specific scopes. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources (calendar event summaries and task descriptions).
- Ingestion points: External data is ingested into the agent context through the outputs of
lark-cli calendar +agendaandlark-cli task +get-my-tasksinSKILL.md. - Boundary markers: Absent. The AI summarization instructions do not include delimiters or specific instructions to ignore any potential commands embedded in the retrieved data.
- Capability inventory: The skill has the capability to execute shell commands using the
lark-clibinary. - Sanitization: There is no evidence of sanitization or filtering applied to the calendar or task content before the AI processes it.
Audit Metadata