lark-openapi-explorer
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation from open.feishu.cn and open.larksuite.com. These are official, well-known domains for the Feishu and Lark enterprise platforms.
- [COMMAND_EXECUTION]: The skill uses the lark-cli api tool to execute requests. The parameters for these commands, such as HTTP methods, paths, and JSON payloads, are dynamically generated based on data retrieved from external markdown documentation files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests remote documentation content that influences the agent's subsequent tool usage and commands.
  - Ingestion points: Documentation URLs (e.g., open.feishu.cn/llms.txt) fetched via WebFetch as described in SKILL.md.
  - Boundary markers: None; the skill does not use specific delimiters or instructions to ignore potential injection patterns within the documentation.
  - Capability inventory: The agent can perform arbitrary API operations via lark-cli api, including POST, PUT, and DELETE actions.
  - Sanitization: The skill lacks automated sanitization, relying instead on high-level instructions for the agent to extract specific fields and a manual safety rule requiring user confirmation for destructive actions.
Audit Metadata