Skills
skills/shunsukehayashi/lark-harness/lark-event/Gen Agent Trust Hub

lark-event

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it is designed to ingest live message content from Lark (Feishu) events.
  • Ingestion points: im.message.receive_v1 events (and 23 other event types) via WebSocket long connection.
  • Boundary markers: Absent; the provided pipeline examples directly interpolate message content into shell commands and agent prompts.
  • Capability inventory: File system writes via --output-dir and --route flags; execution of external binaries (lark-cli, jq, claude) as seen in the Agent Pipeline Examples section of references/lark-event-subscribe.md.
  • Sanitization: No evidence of sanitization, escaping, or instruction-filtering on incoming message content before processing.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the lark-cli binary and explicitly encourages users to build automation pipelines using shell scripts that process dynamic event data, which could lead to command injection if not handled carefully in the user's environment.
  • [DATA_EXFILTRATION]: The skill accesses sensitive organizational data, including IM messages, contact lists, and calendar events. It provides features to automatically write this data to the local file system (using --output-dir or --route), which facilitates the movement of sensitive information into less secure environments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 10:36 AM