lark-sheets

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python execution script at scripts/run.py which is designed to be run locally by the user to interact with the service API.
  • [EXTERNAL_DOWNLOADS]: The execution script scripts/run.py performs network requests to https://ai-skills.ai/api/execute. This endpoint is used to send the user-provided parameters and receive analysis results. This domain is associated with the skill's own infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data provided by users through several fields.
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialFile, and materialUrl fields defined in references/form-schema.json.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands within the ingested materials.
  • Capability inventory: The skill has the capability to exfiltrate the processed data to the vendor's API endpoint via the scripts/run.py script.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is processed by the AI components.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — lark-sheets