lark-markdown
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `lark-cli` binary to perform operations on the Lark platform. This tool is identified as an official vendor resource for the 'larksuite' author.
- [EXTERNAL_DOWNLOADS]: The skill requires the `lark-cli` system binary to be present on the host environment, as declared in the metadata field of `SKILL.md`.
- [DATA_EXFILTRATION]: The skill includes capabilities to read local files and upload them to the Lark Drive via commands like `+create` and `+overwrite`, and to download files from the cloud to the local file system using `+fetch`. These operations are consistent with the skill's primary purpose of file management.
- [PROMPT_INJECTION]: The skill processes external data (Markdown content) from the Lark Drive using the `+fetch` command, which creates a surface for indirect prompt injection if documents contain malicious instructions.
  - Ingestion points: Content is retrieved via `lark-cli markdown +fetch` (documented in `references/lark-markdown-fetch.md`).
  - Boundary markers: None identified in the provided documentation to distinguish between fetched content and instructions.
  - Capability inventory: The agent can read and write files and perform cloud operations via the `lark-cli` tool.
  - Sanitization: No specific sanitization or validation of the fetched Markdown content is mentioned in the documentation.
Audit Metadata