lark-contact
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a legitimate wrapper for the Lark Contact API, facilitating organizational directory lookups through a known CLI tool (lark-cli).
- [SAFE]: Data access is limited to standard contact fields such as names, emails, and phone numbers, which is entirely consistent with the skill's described functionality for managing enterprise communications.
- [SAFE]: No evidence of prompt injection, obfuscation, unauthorized network calls, or persistence mechanisms was found in the instructions or reference materials.
- [SAFE]: The skill uses modular references to a shared configuration for authentication, following good security practices for credential management.
Audit Metadata