lark-task
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local binary
lark-clito perform task management operations. All write-intensive commands across the reference files (e.g.,lark-task-create.md,lark-task-update.md) include explicit 'CAUTION' blocks requiring the agent to obtain user confirmation before proceeding. - [SAFE]: No malicious patterns such as credential theft, hardcoded secrets, or multi-layer obfuscation were detected. The skill correctly identifies and handles sensitive user identity parameters, specifically instructing the agent to resolve
open_idfor 'me' requests using official methods. - [SAFE]: Analysis of indirect prompt injection surfaces:
- Ingestion points: Data is ingested via
lark-cli task list,get, and+get-my-taskscommands which fetch task summaries and descriptions (documented inSKILL.mdandlark-task-get-my-tasks.md). - Boundary markers: Absent. The instructions do not specify the use of delimiters when presenting or processing retrieved task content.
- Capability inventory: The skill possesses extensive write capabilities, including task creation, updating, and member assignment (detailed in
lark-task-create.md,lark-task-update.md, andlark-task-assign.md). - Sanitization: Absent. There is no specific instruction to sanitize or escape task content before it is interpolated into prompts.
- Evaluation: While an ingestion surface exists for indirect prompt injection via task content, the potential impact is mitigated by the mandatory requirement for user confirmation on all state-changing commands.
Audit Metadata