validate-branch
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git and getlark commands to check the current branch and trigger workflows.
- [EXTERNAL_DOWNLOADS]: The skill requires the @getlark/cli package to be installed globally. As this is a vendor-provided tool, it is documented as an expected dependency for the skill's intended functionality.
- [CREDENTIALS_UNSAFE]: The skill references the LARKCI_API_KEY environment variable for authentication. It follows security best practices by recommending environment-based secret management instead of hardcoding credentials.
- [PROMPT_INJECTION]: The skill reads data from a project-local file (.claude/getlark.local.md) to configure workflow IDs and timeouts. This creates an indirect prompt injection surface where values from the file are interpolated into shell commands.
  - Ingestion points: .claude/getlark.local.md (Step 2).
  - Boundary markers: No explicit markers are used to delimit external data within the constructed shell commands.
  - Capability inventory: Uses both Read and Bash tools, allowing data from the file to influence execution.
  - Sanitization: There is no instruction to validate or sanitize the YAML values before they are used as CLI arguments.
Audit Metadata