lark-calendar
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to interact with the Lark platform by executing commands through the
lark-clibinary. All identified command patterns (e.g.,lark-cli calendar events create,lark-cli calendar +agenda) are legitimate and directly related to the skill's core functionality for managing schedules and meeting rooms. - [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by processing untrusted user data and interpolating it into command-line arguments.
- Ingestion points: User-supplied text for meeting titles (
--summary), descriptions (--description), and participant IDs (--attendee-ids) inreferences/lark-calendar-create.mdandreferences/lark-calendar-room-find.md. - Boundary markers: Present. The skill mandates specific formatting for inputs, such as ISO 8601 for timestamps and standard ID prefixes (e.g.,
ou_,oc_,omm_), which serves as a functional delimiter. - Capability inventory: The skill utilizes subprocess calls via
lark-clito perform read and write operations on calendar data, including searching, creating, and deleting events. - Sanitization: Absent. The instructions do not explicitly require the agent to sanitize or escape user-provided strings before they are passed to the CLI tool, relying on the platform's underlying tool execution safety.
Audit Metadata