lark-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by directing the agent to process content from untrusted external sources.
- Ingestion points: The agent reads data from external sources using tools like
docx_v1_document_rawContent,im_v1_message_list, andbitable_v1_appTableRecord_search. - Capability inventory: The agent possesses capabilities to modify data and send messages via
bitable_v1_appTableRecord_updateandim_v1_message_create. - Boundary markers: The instructions lack markers to distinguish between system instructions and untrusted data.
- Sanitization: There are no guidelines for validating or sanitizing retrieved data before execution.
Audit Metadata