lark-slides
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the management of Lark Slides using the
lark-cli. All instructions are consistent with legitimate productivity workflows. - [COMMAND_EXECUTION]: Uses
lark-clifor API interactions and local Python scripts (layout_lint.py,template_tool.py) for XML validation and template processing. These commands are executed for intended business functionality and do not exhibit signs of command injection. - [EXTERNAL_DOWNLOADS]: Instructions describe a legitimate process of downloading user-provided image URLs locally before uploading them to the Lark platform媒体库 (media library) using the provided tools.
- [DATA_EXPOSURE]: Authentication is handled through standard CLI login procedures (
lark-cli auth login). The skill processes presentation metadata and content, but no sensitive system files or hardcoded credentials were accessed or exposed. - [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data (Slide XML), it provides a robust defense-in-depth approach by requiring the use of a local linter (
layout_lint.py) to verify XML structure and layout before submission to the API.
Audit Metadata