lark-workflow-meeting-notes
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
lark-clibinary to perform various operations, including retrieving calendar events, fetching document content, and sending instant messages. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from external meeting minutes and video conference records.
- Ingestion points: Content is retrieved from external sources via
lark-cli docs +fetchandlark-cli vc(SKILL.md). - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" guards when passing fetched meeting content to the LLM for summarization.
- Capability inventory: The skill has the ability to read private documents, access participant lists, and send direct messages to users via
im +messages-send(SKILL.md). - Sanitization: There is no evidence of sanitization or filtering applied to the document content before it is processed by the AI, allowing potentially malicious instructions embedded in a meeting document to influence the agent's behavior.
Audit Metadata