lark-doc

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Comprehensive analysis of the provided markdown and scripts found no evidence of malicious intent or unauthorized actions.
  • [DATA_EXFILTRATION]: The script scripts/run.py is configured to transmit user data to ai-skills.ai. This data flow is the primary purpose of the skill and uses the developer's official domain.
  • [PROMPT_INJECTION]: The skill accepts input from potentially untrusted documents and URLs, creating an indirect prompt injection surface. 1. Ingestion points: materialText, materialFile, and materialUrl in references/form-schema.json. 2. Boundary markers: None identified in the provided templates. 3. Capability inventory: The agent analyzes the ingested content to produce summaries and diagnosis deliverables. 4. Sanitization: Inputs are transmitted without local sanitization for processing by the vendor's API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — lark-doc