lark-base
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard administrative toolset for Lark Base. It provides clear, technical documentation for interacting with the Lark Open API via a dedicated CLI tool.
- [PROMPT_INJECTION]: The skill uses instructional markers like 'MUST READ', 'IMPORTANT', and 'CAUTION' to ensure the agent follows correct technical workflows and prevents data errors. These are legitimate operational constraints and do not attempt to bypass agent safety filters.
- [DATA_EXPOSURE]: The skill documentation correctly handles identifiers such as base tokens and open_ids. It provides specific instructions on how to extract these from URLs and warns against common mistakes that could lead to authorization errors.
- [COMMAND_EXECUTION]: All command patterns follow the 'lark-cli base +...' syntax, which is the intended interface for this skill. There are no instances of arbitrary shell execution, sudo usage, or high-risk commands.
- [INDIRECT_PROMPT_INJECTION]: The skill includes an attack surface for indirect injection as it reads data from Lark records. However, the instructions emphasize using structured JSON and strict field mapping, which are good practices to mitigate the risk of data being misinterpreted as commands.
Audit Metadata