lark-sheets
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its spreadsheet reading capabilities.
  - Ingestion points: Data is read from external Lark spreadsheets into the agent's context via lark-cli sheets +read and lark-cli sheets +info (SKILL.md, references/lark-sheets-read.md).
  - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions contained within the retrieved spreadsheet data.
  - Capability inventory: The skill possesses broad write capabilities, including modifying cell values, deleting rows/columns, and exporting data using lark-cli (SKILL.md).
  - Sanitization: No validation or sanitization of the content retrieved from external spreadsheets is performed before ingestion.
- [COMMAND_EXECUTION]: The skill utilizes shell-based execution for all lark-cli operations. This includes local file system interactions such as exporting spreadsheets to local paths (references/lark-sheets-export.md) and reading local image files for upload (references/lark-sheets-write-image.md).
Audit Metadata