minutes
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the "lark" command-line tool to fetch meeting metadata, export transcripts, and check authentication status.
- [EXTERNAL_DOWNLOADS]: Accesses meeting data and media download links from official Lark service domains including "bytedance.larksuite.com" and "larksuite.cn".
- [PROMPT_INJECTION]: The skill processes meeting transcripts which represent an indirect prompt injection surface. Ingestion points: Meeting transcripts are retrieved from the Lark service via the "lark minutes transcript" command in "SKILL.md". Boundary markers: None are present in the skill instructions. Capability inventory: The skill uses the "lark" CLI to interact with the Lark API. Sanitization: The skill does not implement sanitization or filtering of the transcript content before it is processed by the agent.
Audit Metadata