lark-calendar
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the lark-cli tool to interact with the Lark Calendar API. It supports complex operations like managing event attendees, searching for busy/free slots, and generating meeting time suggestions. The instructions also direct the agent to use system commands or script code to ensure accurate date and time conversions.
- [DATA_EXFILTRATION]: The skill accesses sensitive calendar data, including event details, descriptions, and participant IDs. This data is used within the agent's context to fulfill user scheduling requests and is not transmitted to unauthorized external domains.
- [PROMPT_INJECTION]: The skill processes external data from calendar events (such as titles and descriptions), which represents a theoretical indirect prompt injection surface. However, the skill includes defensive instructions, such as mandatory reading of shared configuration files and requirements for user confirmation before executing write operations, which mitigate the risk of unintended behavior triggered by malicious event content.