Document mail allow/block sender commands #1741

Open. qiooo wants to merge 1 commit into larksuite:main from qiooo:feat/99dc114

@qiooo qiooo commented Jul 3, 2026

Updates the mail command references so user mailbox allow/block sender operations are documented and discoverable.

  • Adds allow/block sender concepts and command coverage to the mail domain guidance.
  • Refreshes the lark-mail skill docs with list, batch_set, and batch_delete command entries.
  • Includes parameter and dry-run examples for the generated commands.

Summary by CodeRabbit

  • Documentation
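    • Supplemented and expanded the mail usage guide, adding sender allow/block lists, template application, HTML content handling, and native API usage instructions.
    • Added operating guidelines for pre-send confirmation, post-send status checks, and scheduled sending and cancellation, making the usage guidance more complete.
    • Updated the reference information on available mailboxes, sending from aliases, and permissions, so mail operations can be completed more accurately.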

@github-actions github-actions Bot added the labels domain/mail (PR touches the mail domain) and size/L (Large or sensitive change across domains or core paths) on Jul 3, 2026

coderabbitai Bot commented Jul 3, 2026

Caution

Review failed

An error occurred during the review process. Please try again later.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

📥 Commits

Reviewing files that changed from the base of the PR and between a1506cd and c23d583.

📒 Files selected for processing (2)
  • skill-template/domains/mail.md
  • skills/lark-mail/SKILL.md

Comment thread skills/lark-mail/SKILL.md
Comment on lines +741 to +746
| `user_mailbox.allow_senders.list` | `mail:user_mailbox.message:modify` |
| `user_mailbox.allow_senders.batch_create` | `mail:user_mailbox.message:modify` |
| `user_mailbox.allow_senders.batch_remove` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.list` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.batch_create` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.batch_remove` | `mail:user_mailbox.message:modify` |
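
Review bot: The method names in these rows, `batch_create` and `batch_remove`, do not match the PR description, which says the skill docs gain `list`, `batch_set`, and `batch_delete` command entries. Confirm which names the generated commands actually expose and use one set consistently, or state the mapping next to the table, so an agent reading SKILL.md does not call a method under the wrong name. Separately, all six rows share `mail:user_mailbox.message:modify`; the two `.list` rows are the only non-mutating ones and should not need a modify-level grant if a narrower scope covers them.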

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Split read-only sender-list lookups from write scopes.

allow_senders.list and blocked_senders.list are read-only operations, but the table assigns them mail:user_mailbox.message:modify. That overstates the required permission and will force callers to request write access just to inspect the lists. Keep modify for batch_create / batch_remove, and map the list rows to a readonly scope instead.

🧰 Tools
🪛 SkillSpector (2.3.7)

[error] 33: [P1] Instruction Override: This pattern attempts to override system instructions or ignore safety constraints. Without LLM analysis, manual review is recommended.

Remediation: Remove or rewrite any text that instructs the agent to ignore prompts, override safety rules, or trust unverified content. Ensure skill content cannot be injected to alter agent behavior.

(Prompt Injection (P1))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/lark-mail/SKILL.md` around lines 741 - 746, The sender-list scope
table is over-permissive because the `user_mailbox.allow_senders.list` and
`user_mailbox.blocked_senders.list` entries are read-only but are currently
mapped to `mail:user_mailbox.message:modify`. Update the permission mapping in
`SKILL.md` so the `list` rows use the appropriate readonly scope, while keeping
`mail:user_mailbox.message:modify` only for
`user_mailbox.allow_senders.batch_create`,
`user_mailbox.allow_senders.batch_remove`,
`user_mailbox.blocked_senders.batch_create`, and
`user_mailbox.blocked_senders.batch_remove`.
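
A lint for the over-scoping described in this review, as an added example that is not part of the PR or the larksuite project: it parses the quoted table rows and flags read-only methods documented with a write-level scope, and reports verbs it cannot classify instead of passing them silently. The verb and access-level sets are assumptions based only on the names visible in this thread.

```python
import re

# Constructed input: the six rows quoted in the review thread above.
TABLE = """\
| `user_mailbox.allow_senders.list` | `mail:user_mailbox.message:modify` |
| `user_mailbox.allow_senders.batch_create` | `mail:user_mailbox.message:modify` |
| `user_mailbox.allow_senders.batch_remove` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.list` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.batch_create` | `mail:user_mailbox.message:modify` |
| `user_mailbox.blocked_senders.batch_remove` | `mail:user_mailbox.message:modify` |
"""

# Two-column rows whose cells are both backticked: | `method` | `scope` |
ROW = re.compile(r"^\|\s*`([^`]+)`\s*\|\s*`([^`]+)`\s*\|$")

# Assumptions: the verb is the last dotted segment of the method name and the
# access level is the last colon-separated segment of the scope string.
READ_VERBS = {"list", "get"}
WRITE_VERBS = {"batch_create", "batch_remove"}
WRITE_LEVELS = {"modify"}


def parse_rows(markdown):
    """Yield (line_no, method, scope) for each method/scope table row."""
    for no, line in enumerate(markdown.splitlines(), 1):
        m = ROW.match(line.strip())
        if m:
            yield no, m.group(1), m.group(2)


def audit(markdown):
    """Return (line_no, kind, method, scope) findings for the scope table."""
    findings = []
    for no, method, scope in parse_rows(markdown):
        verb = method.rsplit(".", 1)[-1]
        level = scope.rsplit(":", 1)[-1]
        if verb in READ_VERBS:
            if level in WRITE_LEVELS:  # read-only call, write-level grant
                findings.append((no, "over-scoped", method, scope))
        elif verb not in WRITE_VERBS:  # unknown verb: surface it for review
            findings.append((no, "unclassified", method, scope))
    return findings


if __name__ == "__main__":
    for no, kind, method, scope in audit(TABLE):
        print(f"row {no}: {kind}: {method} -> {scope}")
```

Run against the real `SKILL.md` in CI, a non-empty result can fail the docs check before an agent is told to request write access for a lookup.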
