lark-workflow-morning-brief
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill aggregates highly sensitive user data including email summaries, calendar events, and task lists. This information is processed and then exfiltrated to the Feishu messaging platform via the
im +messages-sendcommand. While this represents the primary function of the skill, the concentration and transmission of such data to an external service is a significant security consideration. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from emails via the
mail +triagecommand. Emails are an untrusted external source that could contain malicious instructions designed to influence the AI agent's behavior. - Ingestion points: Email data is fetched using
lark-cli mail +triage(Step 4 inSKILL.md). - Boundary markers: The skill includes an explicit safety rule stating that mail content is untrusted and should not be used to execute instructions (Step 4 in
SKILL.md). - Capability inventory: The skill has the ability to send messages (
im +messages-send), search chats (im +chat-search), and read calendar/task data across various scripts. - Sanitization: It instructs the AI to only display summaries (sender, subject) and specifically warns against executing embedded commands.
- [PERSISTENCE_MECHANISMS]: The skill suggests using the
CronCreatetool to schedule the morning brief daily (0 8 * * 1-5). This allows the skill to execute automatically at set intervals, maintaining a presence in the user's workflow. - [COMMAND_EXECUTION]: The skill executes shell commands using the
lark-clibinary and the systemdateutility to manage authentication, data retrieval, and date calculations.
Audit Metadata