lark-sheets
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a Python execution script at
scripts/run.pywhich is designed to be run locally by the user to interact with the service API. - [EXTERNAL_DOWNLOADS]: The execution script
scripts/run.pyperforms network requests tohttps://ai-skills.ai/api/execute. This endpoint is used to send the user-provided parameters and receive analysis results. This domain is associated with the skill's own infrastructure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data provided by users through several fields.
- Ingestion points: Untrusted data enters the agent context through the
materialText,materialFile, andmaterialUrlfields defined inreferences/form-schema.json. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands within the ingested materials.
- Capability inventory: The skill has the capability to exfiltrate the processed data to the vendor's API endpoint via the
scripts/run.pyscript. - Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is processed by the AI components.
Audit Metadata