lark-event
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the Lark platform, creating a surface for indirect prompt injection attacks.
  - Ingestion points: The `lark-cli event +subscribe` command in `references/lark-event-subscribe.md` outputs real-time event data, including user-generated chat messages.
  - Boundary markers: Absent. The example pipelines in `references/lark-event-subscribe.md` interpolate event content directly into prompts (e.g., `claude -p "Reply concisely: $content"`) without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill utilizes `lark-cli`, which provides capabilities for network API calls and document modifications, posing a risk if triggered by malicious input.
  - Sanitization: Absent. The examples demonstrate parsing data with `jq` but do not perform any validation, filtering, or escaping of the raw message content before further processing.
- [COMMAND_EXECUTION]: The documentation for the `+subscribe` command in `references/lark-event-subscribe.md` includes a `--force` flag that allows users to bypass a single-instance lock. This flag overrides a safety constraint intended to maintain data integrity and instance synchronization.
Audit Metadata