lark-doc
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
lark-cliandwhiteboard-clito perform operations on the Lark platform. These include document searches, content fetching, and updating document blocks. These are legitimate but powerful operations performed via shell commands. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves content from Lark documents using
docs +fetch. This content, which could be controlled by an external party, is then processed by the agent. Without boundary markers or sanitization, the agent might interpret text within the document as direct instructions. - Ingestion points: Document content retrieved in
references/lark-doc-fetch.mdvia the--docparameter. - Boundary markers: None identified in the skill instructions to separate document content from agent instructions.
- Capability inventory: Extensive capabilities through
lark-cli, including content modification (docs +update) and permission management (grantingfull_accessinlark-doc-create.md). - Sanitization: No sanitization process is described for the fetched Markdown content before processing.
Audit Metadata