lark-workflow-meeting-summary
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided text, files, and URLs to the vendor's external domain at https://ai-skills.ai. This is the intended operation of the skill to process materials through the provider's platform.
- [COMMAND_EXECUTION]: Provides a Python runner script (
scripts/run.py) designed to be executed by the user to facilitate communication with the external AI Skills API. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data, such as meeting transcripts and shared document content, which serves as a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the
materialText,materialFile, andmaterialUrlparameters defined inreferences/form-schema.jsonand processed byscripts/run.py. - Boundary markers: The provided scripts do not implement explicit boundary markers or "ignore embedded instructions" warnings for the processed data.
- Capability inventory: The skill's primary capability is network communication with the
ai-skills.aiendpoint via the Pythonurlliblibrary. - Sanitization: The input data is passed to the API without client-side sanitization or filtering.
Audit Metadata