lark-im

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The skill retrieves untrusted data from Feishu/Lark chat messages and search results through shortcuts such as +chat-messages-list, +messages-search, and +threads-messages-list (as documented in the respective reference files).
  • Boundary markers: The instructions do not define explicit delimiters or use specific formatting to isolate ingested chat data from agent instructions, nor do they include warnings to ignore embedded commands within the fetched content.
  • Capability inventory: The skill provides access to several high-privilege operations that could be abused if an injection occurs, including sending/replying to messages (+messages-send, +messages-reply), managing group memberships and metadata (+chat-create, +chat-update), and downloading file resources (+messages-resources-download).
  • Sanitization: There is no mention of sanitization, escaping, or validation of the message content before it is processed by the AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:52 AM