skills/larksuite/cli/lark-doc/Gen Agent Trust Hub

lark-doc

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the lark-cli binary and executes it with various subcommands to interact with the Lark Docx API. It also utilizes system utilities such as xclip, wl-paste, or xsel on Linux to access the system clipboard for inserting images.
  • [DATA_EXFILTRATION]: The skill fetches document content and media resources from the Lark platform. While this involves moving data from the cloud to the agent's environment, it is the primary function of the skill and occurs over the vendor's official API channels.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading images, file attachments, and whiteboard thumbnails from Lark's servers to the local file system. It also supports the insertion of images into documents via remote web URLs.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted document content using the +fetch command. While the skill uses structured XML and Markdown for content delimitation, maliciously crafted document content could theoretically attempt to influence the agent's subsequent planning or execution steps.
  • [COMMAND_EXECUTION]: The lark-doc-create tool includes logic to automatically grant full_access permissions to the current authenticated CLI user when a document is created using a bot identity, facilitating automated workflow management.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:05 AM
Security Audit — agent-trust-hub — lark-doc