lark-workflow-meeting-summary

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided text, files, and URLs to the vendor's external domain at https://ai-skills.ai. This is the intended operation of the skill to process materials through the provider's platform.
  • [COMMAND_EXECUTION]: Provides a Python runner script (scripts/run.py) designed to be executed by the user to facilitate communication with the external AI Skills API.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data, such as meeting transcripts and shared document content, which serves as a potential surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialFile, and materialUrl parameters defined in references/form-schema.json and processed by scripts/run.py.
  • Boundary markers: The provided scripts do not implement explicit boundary markers or "ignore embedded instructions" warnings for the processed data.
  • Capability inventory: The skill's primary capability is network communication with the ai-skills.ai endpoint via the Python urllib library.
  • Sanitization: The input data is passed to the API without client-side sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — lark-workflow-meeting-summary