lark-doc
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the lark-cli binary and executes it with various subcommands to interact with the Lark Docx API. It also utilizes system utilities such as xclip, wl-paste, or xsel on Linux to access the system clipboard for inserting images.
- [DATA_EXFILTRATION]: The skill fetches document content and media resources from the Lark platform. While this involves moving data from the cloud to the agent's environment, it is the primary function of the skill and occurs over the vendor's official API channels.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading images, file attachments, and whiteboard thumbnails from Lark's servers to the local file system. It also supports the insertion of images into documents via remote web URLs.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted document content using the +fetch command. While the skill uses structured XML and Markdown for content delimitation, maliciously crafted document content could theoretically attempt to influence the agent's subsequent planning or execution steps.
- [COMMAND_EXECUTION]: The lark-doc-create tool includes logic to automatically grant full_access permissions to the current authenticated CLI user when a document is created using a bot identity, facilitating automated workflow management.
Audit Metadata