lark-vc
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses the lark-cli tool to interact with Lark's video conferencing APIs. All operations trace back to the vendor's infrastructure and are consistent with the skill's stated purpose of managing meeting-related assets.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
- Ingestion points: Meeting transcripts and AI-generated notes are ingested into the agent context via
lark-cli docs +fetchinSKILL.mdandreferences/lark-vc-notes.md. - Boundary markers: None identified; the instructions do not provide specific delimiters or ignore-instructions for the agent when processing raw transcript content.
- Capability inventory: The skill can perform Lark API operations via
lark-cliand write files to the local system using the+media-downloadand--output-dircommands. - Sanitization: There is no mention of content sanitization or validation for the meeting data before it is processed by the agent for summarization or task extraction tasks.
Audit Metadata