lark-cli 共享规则

Name: cli/lark-shared
Author: larksuite

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill uses prompt injection to execute arbitrary commands like

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

lark-cli 共享规则: 本技能指导你如何通过lark-cli操作飞书资源, 以及有哪些注意事项。

Actually does

The skill executes `lark-cli` commands for configuration initialization (`config init`), user authentication (`auth login` with `--domain` or `--scope`), and identity management (`--as user/bot`). It also provides commands to update the `lark-cli` tool and its associated skill using `npm update` and `npx skills add`. The skill guides on handling permission errors by directing users to Feishu developer console URLs or suggesting `auth login` commands.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Namelarksuite/cli/lark-shared

Registrygithub

Version5fa68ccaa04e

PURLpkg:github/larksuite/cli@5fa68ccaa04e?skill=lark-shared

Stars7,923

Installs57,100

Source

Repository ↗SKILL.md ↗

SHA-25642823555351a...

SHA-16720de03e8e4...

MD5adebef50c77f...

TLSH4881c89e5c8f...

Size3,955 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/larksuite/cli/tree/main/skills/lark-shared

57,100 installs

Skills.shDocs

npx skills add https://github.com/larksuite/cli --skill lark-shared

Assessments (3)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 1.00)

100% confidence

Unrestricted command execution via package managercriticalcommand execution

The skill instructs the AI to execute `npm update -g` and `npx skills add` commands. This allows for arbitrary code execution, modification of the agent's environment, and introduces a supply chain risk if the package registries or skill repositories are compromised.

100% confidenceline 85

npm update -g @larksuite/cli && npx skills add larksuite/cli -g -y

Potential for human social engineering via update promptsmediumhuman social engineering

The skill instructs the agent to "proactively suggest to the user to update" when a new version is detected. This could be leveraged in a social engineering attack to trick a human overseer into approving a malicious update, especially when combined with the critical command execution vulnerability.

80% confidenceline 80

主动提议帮用户更新

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-shared.svg)](https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-shared)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-shared"><img src="https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-shared.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-shared.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow