lark
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the '@larksuite/whiteboard-cli' package from the official NPM registry to support the rendering of charts and diagrams within documents.
- [COMMAND_EXECUTION]: The 'scripts/helper.sh' script executes local 'python3' commands to parse JSON configuration files and utilizes the macOS 'security' tool to manage application secrets within the system keychain.
- [COMMAND_EXECUTION]: Provides Node.js templates for diagram coordinate calculations (e.g., fishbone, flywheel, treemap) which are designed to be executed locally to generate structured chart data.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through its primary functions of reading and processing untrusted content from Lark messages, documents, and spreadsheets.
- Ingestion points: Fetches content from conversation logs ('lark-im-chat-messages-list.md'), cloud documents ('lark-doc-fetch.md'), and spreadsheet cells ('lark-sheets-read.md').
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating external content into prompts.
- Capability inventory: Possesses permissions to send IM messages ('lark-im-messages-send.md'), create or update cloud documents ('lark-doc-create.md'), and manage complex automation workflows ('lark-base-workflow-create.md').
- Sanitization: No specialized sanitization or filtering logic was identified for data processed at runtime.
Audit Metadata