skills/larksuite/cli/lark-note/Snyk

lark-note

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (medium risk: 0.65). 该 skill 的运行时 LLM 上下文主要来自 docs +fetch --api-version v2 --doc <note_doc_token|verbatim_doc_token> 拉取的纪要/逐字稿正文；这些内容属于文档系统中“非用户自行撰写”的外部文本（如会议纪要由他人产生），因此存在把 outsider 自由文本喂入 LLM 的间接提示注入风险。

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 12, 2026, 07:39 PM

Issues

1

Security Audit — snyk — lark-note