lark-approval

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the official AI Skills API at ai-skills.ai. This external dependency is used exclusively for the skill's primary diagnostic functions and is consistent with the vendor's provided documentation.
  • [DATA_EXFILTRATION]: User-provided materials, such as approval records and file summaries, are sent to the vendor's API for processing. This is a legitimate and transparent use of data required for the service to function and does not constitute unauthorized exfiltration.
  • [COMMAND_EXECUTION]: The provided Python runner script (scripts/run.py) uses standard libraries to facilitate API requests. It does not perform any dangerous system operations or execute arbitrary commands.
  • [PROMPT_INJECTION]: The skill accepts external data through various input fields, creating a surface for potential indirect prompt injection. However, since the skill serves as a wrapper for a managed API service and lacks local execution or file-system write capabilities, the security risk associated with this attack surface is assessed as safe.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — lark-approval