contact (v1)

Name: cli/lark-contact
Author: larksuite

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

The skill is vulnerable to RAG/memory poisoning

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The stated purpose includes 'query organization structure', but the skill's explicit shortcuts only cover searching for individual users and retrieving their information, not directly querying the organizational hierarchy.

Claims to do

contact (v1): **CRITICAL — 开始前 MUST 先用 Read 工具读取 [`../lark-shared/SKILL.md`](../lark-shared/SKILL.md)，其中包含认证、权限处理**

Actually does

The skill acts as an interface to the `lark-cli` command-line tool, specifically its `contact` subcommand. It provides shortcuts to execute `lark-cli contact +search-user` for searching employees and `lark-cli contact +get-user` for retrieving user details. It also allows running `lark-cli contact --help`.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learning1 finding

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namelarksuite/cli/lark-contact

Registrygithub

Version5fa68ccaa04e

PURLpkg:github/larksuite/cli@5fa68ccaa04e?skill=lark-contact

Stars7,923

Installs56,800

Source

Repository ↗SKILL.md ↗

SHA-256807a24a43285...

SHA-1df45f2da2fab...

MD5afcbae6f15cc...

TLSH101128825c97...

Size1,053 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/larksuite/cli/tree/main/skills/lark-contact

56,800 installs

Skills.shDocs

npx skills add https://github.com/larksuite/cli --skill lark-contact

Assessments (2)

AI Agent Traps ↗

Mandatory pre-task file read for authentication/permissionshighrag poisoning

The agent is explicitly instructed to read `../lark-shared/SKILL.md` before execution, with the file described as containing 'authentication, permission handling'. This could be used to poison the agent's RAG/memory with attacker-controlled instructions, manipulate its understanding of permissions, or harvest credentials if the file is compromised. The 'CRITICAL' and 'MUST' are semantic manipulation tactics.

100% confidenceline 13

**CRITICAL — 开始前 MUST 先用 Read 工具读取 [`../lark-shared/SKILL.md`](../lark-shared/SKILL.md)，其中包含认证、权限处理**

Description Mismatchlowdescription mismatch

The stated purpose includes 'query organization structure', but the skill's explicit shortcuts only cover searching for individual users and retrieving their information, not directly querying the organizational hierarchy.

85% confidence

Stated purpose: '查询组织架构' (query organization structure). Shortcuts: `+search-user`, `+get-user` (search users, get user info).

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-contact.svg)](https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-contact)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-contact"><img src="https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-contact.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-contact.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow