lark-doc
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the provided markdown and scripts found no evidence of malicious intent or unauthorized actions.
- [DATA_EXFILTRATION]: The script scripts/run.py is configured to transmit user data to ai-skills.ai. This data flow is the primary purpose of the skill and uses the developer's official domain.
- [PROMPT_INJECTION]: The skill accepts input from potentially untrusted documents and URLs, creating an indirect prompt injection surface. 1. Ingestion points: materialText, materialFile, and materialUrl in references/form-schema.json. 2. Boundary markers: None identified in the provided templates. 3. Capability inventory: The agent analyzes the ingested content to produce summaries and diagnosis deliverables. 4. Sanitization: Inputs are transmitted without local sanitization for processing by the vendor's API.
Audit Metadata