lark-workflow-stock-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its multi-step processing of external data.
  - Ingestion points: The skill fetches market data, financial news, and analyst expectations via the `WebSearch` tool and reads user-defined stock records from Lark Base (SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched external content in the provided workflow prompts.
  - Capability inventory: The skill has significant capabilities, including writing to Lark Base (`+record-upsert`), creating documents (`docs +create`), and sending IM notifications (`im +messages-send`) via the `lark-cli` tool.
  - Sanitization: No evidence of sanitization or validation of the content retrieved from web searches is present, which could allow malicious third-party content to influence the AI's summarized reports or notifications.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `lark-cli` binary to interact with the Lark platform. This involves commands for table creation, record management, and document creation. While these are central to the skill's purpose, they require the environment to have an authenticated CLI tool present.
Audit Metadata