lark-workflow-doc-perm
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
lark-clicommand-line tool to perform authenticated operations within the Lark/Feishu ecosystem. These operations include wiki node resolution (wiki spaces get_node), user directory searches (contact +search-user), and document permission modification (drive permission.members create) as described in SKILL.md. - [PROMPT_INJECTION]: The instructions incorporate emphatic formatting ('CRITICAL', 'MUST') to ensure the agent follows specific setup requirements for authentication. Additionally, the skill includes an indirect prompt injection surface by processing user-provided document tokens and names.
- Ingestion points: User-supplied document identifiers, wiki URLs, and contact names processed in SKILL.md.
- Boundary markers: No explicit delimiters or sanitization warnings are present to separate user data from operational instructions.
- Capability inventory: The skill possesses the capability to modify document permissions and send instant messages via
lark-cli(SKILL.md). - Sanitization: The skill does not implement specific validation or escaping for external content before passing it to tool parameters.
Audit Metadata