Skills
skills/yjwong/lark-cli/bitable/Gen Agent Trust Hub

bitable

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the lark command-line utility to list tables, fields, and records from Lark Bitable apps. This requires the binary to be present in the environment's PATH.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external Bitable records.
  • Ingestion points: Untrusted data enters the agent's context through the lark bitable records command output in SKILL.md.
  • Boundary markers: While the output is structured as JSON, which provides a logical separation, it does not prevent the agent from being influenced by instructions embedded within the field values of retrieved records.
  • Capability inventory: The agent has the capability to execute shell commands via the lark tool based on the data retrieved.
  • Sanitization: No explicit sanitization, filtering, or escaping of the retrieved database content is documented or implemented before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 03:19 AM