lark-drive
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Lark documents and user comments while maintaining high-impact capabilities such as file deletion and permission modification, creating a surface for indirect prompt injection attacks.
- Ingestion points: The skill retrieves external content through comment listings (
lark-drive-reactions.md) and document fetching mechanisms (referenced inlark-drive-add-comment.md). - Boundary markers: Absent. The instructions do not include markers or directives to separate retrieved data from agent instructions or to ignore embedded commands.
- Capability inventory: The skill possesses extensive write and delete capabilities, including
+delete(file/folder removal),+move(file relocation), andpermission.members(permission grants and owner transfers). - Sanitization: Absent. There is no evidence of data validation or sanitization before external content is processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes the
lark-clibinary to perform all Drive operations. This includes administrative actions liketransfer_ownerandpermission.members.create, which are consistent with the skill's primary purpose of cloud storage management.
Audit Metadata