lark-minutes
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate operations for managing Lark/Feishu Minutes using official vendor tools. All actions align with the described functionality.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content like transcripts and AI-generated summaries.
- Ingestion points: Minutes metadata and AI-generated content (summaries, tasks) retrieved via
lark-cli(SKILL.md). - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: File download to local storage and file upload to cloud storage via
lark-cli(lark-minutes-download.md, lark-minutes-upload.md). - Sanitization: No specific content validation is documented.
- Analysis: This surface is inherent to productivity tools and is considered safe in this context as no malicious instructions are present in the skill's logic.- [COMMAND_EXECUTION]: The skill triggers
lark-clicommands using structured arguments based on specific identifiers (minute tokens and file tokens), following the vendor's documented API structure.
Audit Metadata