lark-minutes

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which is a common surface for indirect prompt injection. This is an inherent risk for skills designed to analyze user-provided documents.
  • Ingestion points: The skill accepts data through materialText (text input), materialFile (file uploads), and materialUrl (external links) as defined in references/form-schema.json.
  • Boundary markers: No explicit delimiters or boundary markers are defined in the instruction files to separate untrusted content from the agent's system instructions.
  • Capability inventory: The skill includes a Python runner (scripts/run.py) that performs network operations to communicate with the vendor's API.
  • Sanitization: No specific data sanitization or validation logic is present in the provided skill components.
  • [EXTERNAL_DOWNLOADS]: The provided Python script (scripts/run.py) makes network requests to the vendor's official API endpoint (ai-skills.ai) to execute the skill's logic. This is part of the skill's intended functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — lark-minutes