lark-workflow-multi-agent-dev

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified.
      • Ingestion points: User-provided task descriptions are incorporated into prompts for sub-agents across the Competition, Division of Labor, and Pipeline workflow modes in SKILL.md.
      • Boundary markers: The prompt templates for sub-agents do not use delimiters (e.g., XML tags or backticks) or specific instructions to ignore potentially malicious commands embedded in the {任务描述} variable.
      • Capability inventory: Sub-agents utilize general-purpose execution environments, allowing for arbitrary code execution. They also have access to git and gh tools for repository and Pull Request management.
      • Sanitization: No sanitization, escaping, or validation logic is applied to user-supplied task strings before they are processed by sub-agents.
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform its primary functions.
      • Evidence: Instructions use lark-cli for interaction with the Lark platform and standard Git and GitHub CLI tools for version control.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external binaries specified in its requirements.
      • Evidence: Requires the lark-cli binary, which must be authenticated and available in the execution environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 09:52 AM