lark-workflow-standup-report

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the lark-cli binary to retrieve calendar agendas and task lists, which is the primary intended function for generating reports.
  • [PROMPT_INJECTION]: The skill processes external content from calendar events and tasks. This creates an indirect prompt injection surface, though risk is minimal as the skill lacks exploitable capabilities like arbitrary network or file system access.
      • Ingestion points: Results from lark-cli calendar and task commands in SKILL.md.
      • Boundary markers: Not present.
      • Capability inventory: Subprocess calls to lark-cli for data retrieval.
      • Sanitization: Not present.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 10:36 AM