lark-workflow-form-builder
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data (user-defined form requirements) is processed to design database structures and messaging content. * Ingestion points: User input regarding form themes and field requirements enter the agent context in the form design step. * Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested data. * Capability inventory: The skill possesses the capability to create tables, modify fields, configure forms, and send messages via the
lark-clitool. * Sanitization: The workflow relies on a human-in-the-loop confirmation step ('与用户确认字段方案后再执行创建操作') rather than automated sanitization to validate the AI-generated design. - [COMMAND_EXECUTION]: The skill interacts with the local environment by executing the
lark-clibinary. These operations are within the stated purpose of managing Lark/Feishu resources and use parameter placeholders for dynamic tokens and identifiers.
Audit Metadata