lark-base

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill is purely instructional and follows established patterns for CLI-based resource management.
  • [COMMAND_EXECUTION]: The skill utilizes the lark-cli binary to perform operations on the Lark platform. High-risk operations such as record or table deletion are guarded by a requirement for explicit user intent and the use of the --yes flag, which acts as a safety mechanism against accidental or unauthorized destructive actions.
  • [DATA_EXPOSURE]: The skill processes Bitable tokens and Wiki identifiers. It provides clear guidance on identifying the correct tokens and warns against common configuration errors (e.g., using Wiki tokens as Base tokens). No evidence of credential exfiltration or access to sensitive local system files was found.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface as it processes data from external sources (Bitable records and Wiki nodes).
      1. Ingestion points: Data enters the agent context through record reading (+record-get) and Wiki node inspection (wiki.spaces.get_node).
      2. Boundary markers: Instructions mandate the use of strict JSON schemas and reference guides (e.g., lark-base-workflow-schema.md) to define valid inputs.
      3. Capability inventory: The agent can perform write operations, including creating tables and updating records, using lark-cli.
      4. Sanitization: Validation is managed by requiring structured data in JSON format and following precise value format specifications (e.g., lark-base-shortcut-record-value.md).
    Given that the data source is the user's own business environment, the risk is negligible within the scope of the skill's intended use.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:52 AM