100Critical
The skill allows prompt injection, executes host commands via `
Behavior Analysis
Description verified — behavior matches claim
Claims to do
whiteboard (v1): **CRITICAL — 开始前 MUST 先用 Read 工具读取 [`../lark-shared/SKILL.md`](../lark-shared/SKILL.md),其中包含认证、权限处理**
Actually does
This skill executes the `lark-cli whiteboard` command to query and update Feishu whiteboards. It can retrieve whiteboard content as preview images, PlantUML/Mermaid code, or raw OpenAPI format, and can update whiteboards using these formats. It also integrates with the `lark-doc` skill to fetch whiteboard tokens from cloud documents and create new blank whiteboards.
Skill Info
Namelarksuite/cli/lark-whiteboard
Registrygithub
Version5fa68ccaa04e
PURLpkg:github/larksuite/cli@5fa68ccaa04e?skill=lark-whiteboard
Stars7,923
Installs56,900
Source
SHA-256fa4ad6d3c8c6...
SHA-11ac1249c5705...
MD5914bb363f12a...
TLSH841200041c3b...
ssdeep96:HJ62uxg63...
Size9,034 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Skills.shDocs
npx skills add https://github.com/larksuite/cli --skill lark-whiteboardAssessments (3)
AI Agent Traps ↗Prompt Injection Detectedcriticalprompt injection
DeBERTa classifier detected prompt injection (confidence: 0.93)
93% confidence
Command Execution via external binary (lark-cli)highcommand execution
The skill explicitly declares and uses the `lark-cli` binary for all core functionalities, enabling command execution on the host system.
100% confidenceline 7
requires: bins: [ "lark-cli" ]
Broad Data Access and Manipulation of Whiteboardsmediumdata exfiltration, impact
The skill provides extensive capabilities to query and update whiteboard content, including raw OpenAPI structures, allowing broad access and manipulation of potentially sensitive data within cloud documents.
90% confidenceline 40
`+query --output_as raw` ... `+update --input_format raw`
Integration with lark-doc for Document Manipulationmediumdata exfiltration, impact
The skill integrates with `lark-doc` to fetch and update cloud documents, extending its data manipulation capabilities to full document content, not just whiteboards.
80% confidenceline 77
使用 `lark-doc` 的 [`+fetch`](../lark-doc/references/lark-doc-fetch.md) 获取文档内容
Potential XML Injection Hint in Dependent Skilllowprompt injection
The skill explicitly instructs the agent not to escape XML tags when creating new whiteboards via `lark-doc +update`, which could hint at an XML injection vulnerability in the dependent `lark-doc` skill.
70% confidenceline 87
注意这一 XML 标签不要转义
Semantic Manipulation & Supply Chain Dependencymediumoversight evasion, supply chain, rag poisoning
The skill uses strong directives ('CRITICAL', 'MUST') to instruct the agent to read external documentation for sensitive information (auth/permissions), creating a supply chain dependency that could be exploited if the external resource is compromised.
90% confidenceline 15
CRITICAL — 开始前 MUST 先用 Read 工具读取 [`../lark-shared/SKILL.md`](../lark-shared/SKILL.md),其中包含认证、权限处理
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-whiteboard)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/larksuite/cli/lark-whiteboard"><img src="https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-whiteboard.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/larksuite/cli/lark-whiteboard.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow