lark-contact

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the lark-cli command-line binary to interact with Lark's APIs. Commands such as lark-cli contact +search-user and lark-cli contact +get-user are used to perform legitimate organizational tasks such as looking up employee IDs and contact details.
  • [PROMPT_INJECTION]: The skill contains an instructional block in SKILL.md using strong markers ("CRITICAL", "MUST") to direct the agent to read shared authentication and safety guidelines (lark-shared/SKILL.md) before proceeding. These are operational safety requirements and do not constitute an attempt to bypass agent security filters or safety protocols.
  • [SAFE]: The skill does not contain hardcoded credentials, unauthorized network requests, or obfuscation. The data accessed (Lark employee PII) is necessary for the skill's stated purpose and is retrieved through authorized CLI operations without being exfiltrated to external or unknown domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:52 AM