lark-markdown
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs all Markdown operations by executing the `lark-cli` binary. This is standard functionality for this vendor-provided integration.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted content from remote files.
  - Ingestion points: Remote Markdown content is brought into the agent's context through the `+fetch` and `+diff` shortcuts as described in `references/lark-markdown-fetch.md` and `references/lark-markdown-diff.md`.
  - Boundary markers: The skill does not provide instructions to the agent to use delimiters or to ignore potential instructions embedded within the fetched Markdown content.
  - Capability inventory: The skill allows the agent to modify Drive content through `+create`, `+overwrite`, and `+patch` commands using the `lark-cli` tool, which could be abused if malicious content is processed.
  - Sanitization: There is no evidence of sanitization or content validation for the Markdown data retrieved from the Drive.
Audit Metadata