Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the lark command-line tool to perform all operations, including configuration, synchronization, and content retrieval. This involves executing various subcommands in the user's shell environment. \n
- Evidence: Examples in SKILL.md include
lark mail setup,lark mail sync, andlark mail show. \n- [DATA_EXFILTRATION]: The skill is designed to access and retrieve sensitive information in the form of private email content and metadata from Lark Mail. \n - Evidence: The
lark mail searchandlark mail showcommands return details like sender addresses, subjects, and the full text of email bodies. \n- [PROMPT_INJECTION]: The skill processes untrusted external data (email bodies), creating an inherent surface for indirect prompt injection. \n - Ingestion points: Email content is ingested into the agent context via the output of the
lark mail showcommand as described in SKILL.md. \n - Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard instructions within the email body. \n
- Capability inventory: The skill includes the capability to execute shell commands via the lark CLI tool across multiple commands. \n
- Sanitization: No sanitization or validation of the retrieved email body is mentioned in the skill documentation.
Audit Metadata