lark-minutes
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, which is a common surface for indirect prompt injection. This is an inherent risk for skills designed to analyze user-provided documents.
- Ingestion points: The skill accepts data through
materialText(text input),materialFile(file uploads), andmaterialUrl(external links) as defined inreferences/form-schema.json. - Boundary markers: No explicit delimiters or boundary markers are defined in the instruction files to separate untrusted content from the agent's system instructions.
- Capability inventory: The skill includes a Python runner (
scripts/run.py) that performs network operations to communicate with the vendor's API. - Sanitization: No specific data sanitization or validation logic is present in the provided skill components.
- [EXTERNAL_DOWNLOADS]: The provided Python script (
scripts/run.py) makes network requests to the vendor's official API endpoint (ai-skills.ai) to execute the skill's logic. This is part of the skill's intended functionality.
Audit Metadata