lark-doc
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `lark-cli` to perform document operations and uses `python3` for parsing JSON output and running local utility scripts. Evidence is found in `references/lark-doc-mention-link.md` which includes a Python one-liner for block parsing and references to a local script `scripts/lark-mention-link.py` for document auditing.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the downloading of media and files from the Lark platform. `references/lark-doc-media-download.md` and `references/lark-doc-media-preview.md` describe shortcuts for retrieving document assets. Additionally, `references/lark-doc-create.md` specifies that the system automatically downloads images from URLs provided within markdown tags to upload them to the Lark document space.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it retrieves and processes content from external Lark documents which may contain untrusted data.
  - Ingestion points: Untrusted document content is ingested via `docs +fetch` in `references/lark-doc-fetch.md` and `docs +search` in `references/lark-doc-search.md`.
  - Boundary markers: The instructions do not define clear boundary markers or guidelines to ignore instructions embedded within the retrieved document content.
  - Capability inventory: The skill possesses the capability to modify document content and execute shell-based tools (`lark-cli`, `python3`).
  - Sanitization: There is no evidence of content sanitization or validation performed on the retrieved document data before it is presented to the agent.
Audit Metadata