lark-note
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute the `lark-cli` binary to interact with Lark Suite services, as specified in the metadata and command routing instructions.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by fetching and processing external data (meeting transcripts and notes) that could contain malicious instructions intended to influence the agent.
  - Ingestion points: Meeting transcripts are ingested via the `note +transcript` command and stored locally in the `./notes/` directory.
  - Boundary markers: The provided files do not include explicit delimiters or instructions for the agent to ignore potential commands embedded within the retrieved transcript data.
  - Capability inventory: The agent has the capability to execute shell commands via the `lark-cli` tool and write files to the local filesystem.
  - Sanitization: There is no evidence of content sanitization, escaping, or validation of the retrieved transcripts before they are integrated into the agent's context.
Audit Metadata