lark-approval
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official AI Skills API at ai-skills.ai. This external dependency is used exclusively for the skill's primary diagnostic functions and is consistent with the vendor's provided documentation.
- [DATA_EXFILTRATION]: User-provided materials, such as approval records and file summaries, are sent to the vendor's API for processing. This is a legitimate and transparent use of data required for the service to function and does not constitute unauthorized exfiltration.
- [COMMAND_EXECUTION]: The provided Python runner script (scripts/run.py) uses standard libraries to facilitate API requests. It does not perform any dangerous system operations or execute arbitrary commands.
- [PROMPT_INJECTION]: The skill accepts external data through various input fields, creating a surface for potential indirect prompt injection. However, since the skill serves as a wrapper for a managed API service and lacks local execution or file-system write capabilities, the security risk associated with this attack surface is assessed as safe.
Audit Metadata