lark-calendar
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes a hardcoded directory of employee names and internal Lark user IDs in 'lib/employees.mjs' and 'SKILL.md'. While this supports the name-to-ID resolution feature, it exposes internal organizational data within the skill code.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  1. Ingestion points: Event and task details retrieved from the Lark API in 'lib/calendar.mjs' and 'lib/task.mjs' are processed by the agent.
  2. Boundary markers: No delimiters are implemented to distinguish retrieved data from instructions.
  3. Capability inventory: The skill has authenticated network access to perform CRUD operations on Lark calendars and tasks.
  4. Sanitization: No input validation or instruction-filtering is applied to data fetched from the API.
Audit Metadata