lark
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: A prompt injection pattern was heuristically detected in
references/lark-mail.md. However, manual review confirms this is a defensive security rule intended to protect the agent. The text explicitly warns the agent to ignore phrases like 'Ignore previous instructions' when encountered within the body of an email, treating such content as untrusted data rather than system commands. - [PROMPT_INJECTION]: The skill includes a robust security section in
references/lark-mail.mdaddressing indirect prompt injection. It instructs the agent to strictly separate user intent from processed data and mandates user confirmation before executing any sensitive actions (like sending or deleting emails) requested by external content. This proactively mitigates the surface area for indirect injection attacks. - [EXTERNAL_DOWNLOADS]: The skill references downloading image assets via
curlfrom user-specified URLs and suggests updating the tool vianpmfrom the@larksuitescope. These operations are performed from well-known service providers and official registries, which is expected behavior for this type of productivity integration.
Audit Metadata