lark-im
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill's behavior is entirely consistent with its stated purpose of managing Lark/Feishu IM communications. External resources and API calls are directed to the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill utilizes the
lark-clibinary to execute tasks. Inlark-im-messages-resources-download.md, the download functionality includes a specific restriction prohibiting directory traversal (..) in the output path, which is a key security control. - [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection since it reads and processes chat messages from external users.
- Ingestion points:
+chat-messages-list,+messages-search, and+threads-messages-listfetch untrusted content from chat conversations. - Boundary markers: Not present in the instruction text for data processing.
- Capability inventory: The agent can send messages (
+messages-send,+messages-reply), modify chat settings (+chat-update), and download files (+messages-resources-download) via subprocess calls tolark-cli. - Sanitization: The skill relies on internal normalization of content by the CLI tool.
- Mitigation: The instructions explicitly mandate that the agent must obtain user approval before any write operations (sending messages or modifying groups), providing a robust human-in-the-loop defense against automated injection attacks.
Audit Metadata