lark-whiteboard
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to generate and execute JavaScript files (e.g.,
node xxx.js) to perform complex coordinate calculations for diagram types such as Fishbone, Flywheel, and Funnel. This dynamic generation and execution of code that incorporates user-provided content (labels and data points) represents a risk of local code execution if the agent platform does not provide a secure sandbox for the generated script. - [EXTERNAL_DOWNLOADS]: The skill requires the installation and use of external tools from the NPM registry, specifically
@larksuite/whiteboard-cliandlark-cli. These are established official packages for the Lark/Feishu platform. The skill also utilizesnpxto execute these rendering tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided diagram data and labels, which are then incorporated into JSON structures and dynamically generated JavaScript templates.
- Ingestion points: User requests for creating specific diagrams, which are processed via the instructions in
SKILL.mdand the scene-specific markdown files. - Boundary markers: The skill relies on specific JSON schemas and script templates for structure, but does not provide explicit delimiters or instructions to ignore potential commands embedded within user-provided labels.
- Capability inventory: The skill has capabilities for file system access (writing scripts and JSON), command execution (node, npx, lark-cli), and interacting with the Lark platform via a CLI.
- Sanitization: No explicit sanitization or escaping mechanism for user-provided strings before they are interpolated into JavaScript templates is described in the workflow.
Audit Metadata