lark-minutes
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via the `lark-cli` binary. This involves passing user-provided parameters such as search queries, tokens, and file paths directly to the CLI tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content (e.g., meeting titles, summaries, and transcripts) from Lark APIs. Malicious instructions embedded in this data could potentially influence the agent's behavior.
  - Ingestion points: Search results and metadata fetched via `lark-cli minutes +search` and `lark-cli minutes minutes get` (as documented in `SKILL.md`).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' prompts when processing retrieved data.
  - Capability inventory: The agent has file system write access through the `lark-cli minutes +download --output <path>` command (as documented in `references/lark-minutes-download.md`).
  - Sanitization: No explicit sanitization or validation of the retrieved text content is defined in the skill logic.
Audit Metadata