lark-skill-maker
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, providing a standardized template for creating other skills. It does not contain any executable scripts or hidden logic that would compromise the agent or the user's environment.
- [COMMAND_EXECUTION]: The skill documents patterns for using
lark-cli, a tool for interacting with the Lark/Feishu API. The instructions focus on legitimate API exploration and task orchestration within that platform. - [PROMPT_INJECTION]: The skill describes a workflow that involves ingesting API documentation (via the
lark-openapi-explorerskill) to construct commands. While this creates a potential surface for indirect prompt injection from documentation content, the skill mitigates this by instructing the agent to confirm user intent and utilize--dry-runmodes for any data-modifying actions.
Audit Metadata