messages
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface identified through the processing of untrusted external data.
- Ingestion points: The skill retrieves external chat content using the
lark msg historyandlark chat searchcommands as described inSKILL.md. - Boundary markers: No specific delimiters or "ignore instructions" safety boundaries are defined to encapsulate the retrieved chat data.
- Capability inventory: The skill allows the agent to send messages (
lark msg send), download files/resources to the local filesystem (lark msg resource), and delete/recall messages (lark msg recall). - Sanitization: There is no evidence of sanitization or filtering of incoming message content before it is processed by the AI agent.
- COMMAND_EXECUTION (SAFE): The skill utilizes the
larkcommand-line interface to perform its functions. The commands are structured using explicit flags and do not show signs of shell injection vulnerabilities in their definitions.
Audit Metadata