lark-workflow-health-diary

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the lark-cli binary to perform operations such as downloading message resources, managing database records, and creating documents. While these commands are structured and targeted at the Lark platform, they involve the execution of external processes based on skill instructions.
  • [PROMPT_INJECTION]: The skill contains a high-priority instruction ('CRITICAL — 开始前 MUST...') that directs the agent to prioritize reading a specific external file for authentication and permissions. Furthermore, the skill is susceptible to indirect prompt injection as it processes external, untrusted data from user messages to drive its workflows.
    • Ingestion points: User-provided text and image messages retrieved via lark-cli im +messages-resources-download and +chat-messages-list.
    • Boundary markers: The instructions lack explicit delimiters or 'ignore' directives to separate user data from agent instructions.
    • Capability inventory: The skill can create/update database records (base +record-upsert), create documents (doc +create), and send messages (im +messages-send).
    • Sanitization: There is no evidence of validation or sanitization of the content parsed from user messages before it is used in subsequent operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:52 AM