lark-base
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection.
  1. Ingestion points: Reads and processes record data, field definitions, and view configurations from Lark Bitable as described in references/lark-base-record-read-sop.md.
  2. Boundary markers: The skill lacks explicit delimiters or specific instructions to ignore embedded commands within the ingested Bitable content.
  3. Capability inventory: The skill utilizes lark-cli to perform powerful write and delete operations, including record updates (references/lark-base-record-upsert.md), table deletion (references/lark-base-table-delete.md), and workflow management (references/lark-base-workflow-update.md).
  4. Sanitization: No explicit sanitization or filtering of external record content is defined before the data is used in subsequent agent logic.
- [COMMAND_EXECUTION]: Orchestrates various administrative and data management tasks by executing the lark-cli system binary.
Audit Metadata