skills/larksuite/cli/lark-whiteboard/Gen Agent Trust Hub

lark-whiteboard

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses lark-cli to manage documents and whiteboards within the Lark platform. It also executes npx commands to run the @larksuite/whiteboard-cli utility for rendering and format conversion. It includes instructions for users to perform system maintenance using npx skills remove.
  • [DYNAMIC_EXECUTION]: To create complex visuals such as fishbone or treemap charts, the skill generates and runs local CommonJS (.cjs) scripts with Node.js. These scripts perform the mathematical calculations required for precise coordinate placement and output the resulting data in JSON format.
  • [EXTERNAL_DOWNLOADS]: The skill provides procedures to download images from external URLs using curl. These images are intended to be uploaded to the Lark ecosystem as media tokens for inclusion in whiteboard diagrams.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data (such as labels, categories, and image URLs) to populate diagram templates and layout scripts, which represents an attack surface for processing untrusted content.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 03:05 AM