lark-workflow-content-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `lark-cli` binary to perform operations including user authentication, message retrieval from chat groups, and management of Lark Base records and tasks.
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface identified.
  - Ingestion points: Untrusted data enters the agent context through `im +chat-messages-list`, which retrieves recent chat messages, and `docs +search`, which queries the knowledge base.
  - Boundary markers: The instructions do not define explicit delimiters or use 'ignore embedded instructions' warnings when the agent processes retrieved text from chat history or documents.
  - Capability inventory: The skill has significant capabilities including sending messages via `im +messages-send`, creating tasks via `task +create`, and generating new documents via `docs +create`.
  - Sanitization: There is no evidence of sanitization or validation of the ingested external content before it is interpolated into prompts for topic evaluation or content generation.
Audit Metadata