lark-drive
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
lark-clibinary to interact with the Lark Open Platform API. This involves executing shell commands to perform operations like file uploads, downloads, and permission modifications. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch and process document comments, which are untrusted external inputs.
- Ingestion points: Untrusted data enters the agent context through the
drive file.comments listcommand (defined inSKILL.md) and the comment listing logic described in the core concepts. - Boundary markers: The instructions do not define delimiters or provide specific guidance to the agent to ignore or isolate instructions that might be embedded within the retrieved comments.
- Capability inventory: The skill possesses powerful capabilities that could be abused if an injection is successful, including file uploads (
+upload), file copying (files.copy), and modifying document permissions (permission.members.create). - Sanitization: There is no mention of sanitizing or validating the content of document comments before the agent processes them.
Audit Metadata