lark-event
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external data (Lark/Feishu event payloads, such as chat messages) into the agent's context, creating a surface for indirect prompt injection.
  - Ingestion points: Event data consumed via `lark-cli event consume` in NDJSON format, specifically `im.message.receive_v1`.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are documented to isolate the ingested event content from the agent's operational instructions.
  - Capability inventory: The agent using this skill typically has access to `lark-cli` which allows for sending messages, reading contacts, and other interactive capabilities as referenced in the skill's dependencies.
  - Sanitization: No explicit sanitization or filtering of the event content is suggested beyond structural transformation using `jq`.
Audit Metadata