Skills
skills/yjwong/lark-cli/contacts/Gen Agent Trust Hub

contacts

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions rely on executing the lark CLI tool to perform various administrative and lookup tasks, such as lark contact get, lark contact search, and lark auth login.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection as the skill retrieves and processes data from an external source (the Lark API).
  • Ingestion points: Employee names, job titles, and department descriptions retrieved via search and get commands in SKILL.md.
  • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore potential instructions embedded in the retrieved JSON data.
  • Capability inventory: The skill allows for local shell command execution via the lark CLI tool.
  • Sanitization: Absent. There is no evidence of filtering or validation of the data returned by the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 03:19 AM