lark-vc
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a local CLI tool ('lark-cli') to interact with the Lark/Feishu API. All network operations are performed by this tool rather than through direct script-based calls to external domains.
- [SAFE]: No hardcoded credentials or sensitive environment variables were found. The skill correctly references a shared authentication mechanism ('lark-shared/SKILL.md') and instructs users to use 'lark-cli auth login'.
- [SAFE]: The skill does not contain any obfuscated code, hidden instructions, or malicious persistence mechanisms.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it retrieves and processes content from external sources (meeting notes, transcripts, and documents). This content is authored by users and could potentially contain malicious instructions.
- Ingestion points: The skill fetches data via 'lark-cli vc +notes' and 'lark-cli docs +fetch' (referenced in SKILL.md).
- Boundary markers: There are no explicit instructions in the skill to wrap the ingested content in delimiters or to ignore embedded instructions.
- Capability inventory: The agent has the capability to write transcripts to the local file system (via '--output-dir') and fetch document content.
- Sanitization: No sanitization or filtering of the retrieved meeting content is performed before presenting it to the agent.
Audit Metadata