manage
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run getlark CLI commands for inspecting and modifying resources like workflows and secret contexts. To mitigate risks, the instructions require explicit user confirmation for all mutating actions such as archive, update, and delete.
- [EXTERNAL_DOWNLOADS]: The skill requires the @getlark/cli package from NPM to function. This is a vendor-owned tool used to interact with the platform's API and is a standard requirement for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external source.
- Ingestion points: JSON output from the getlark CLI is read into the agent's context (SKILL.md).
- Boundary markers: The skill does not provide specific instructions or delimiters to isolate the external data or warn the agent against executing instructions contained within it.
- Capability inventory: The Bash tool is available and can be used to execute shell commands if the agent is misled by malicious data in a resource name or metadata (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering logic applied to the data received from the CLI before it is formatted into tables.
Audit Metadata