invoke-workflow
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior is consistent with its stated purpose and relies on vendor-provided infrastructure.
- [COMMAND_EXECUTION]: Uses the Bash tool to execute getlark CLI commands. This is the intended mechanism for the skill's functionality and is restricted to the specific vendor's tooling.
- [EXTERNAL_DOWNLOADS]: References the @getlark/cli package as a required dependency. This is a standard package from the vendor provided via the official NPM registry.
- [CREDENTIALS_UNSAFE]: Mentions the use of LARKCI_API_KEY, but correctly instructs that it should be provided via the environment rather than hardcoded, which is a standard and safe practice.
Audit Metadata