Skills
skills/aaaaqwq/agi-super-skills/feishu-automation/Gen Agent Trust Hub

feishu-automation

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: Data is ingested from external Feishu APIs via scripts like feishu_api.py and tools like mcp__lark-mcp_getMessages or mcp__lark-mcp_getDoc.
  • Boundary markers: Absent. There are no clear delimiters or instructions to the agent to ignore potentially malicious commands embedded in the retrieved Feishu content.
  • Capability inventory: The skill is granted access to the Bash, Write, and Edit tools, allowing for command execution and filesystem changes based on processed data.
  • Sanitization: Absent. The skill does not implement specific sanitization or filtering for content retrieved from external sources before it enters the agent's context.
  • [COMMAND_EXECUTION]: The skill includes multiple shell scripts (feishu-send.sh, scripts/md2feishu.sh, feishu-mcp-setup.sh) intended to automate operations via the Bash tool. This functionality is consistent with the skill's primary purpose.
  • [EXTERNAL_DOWNLOADS]: The setup script feishu-mcp-setup.js utilizes npx to fetch and run the official @larksuiteoapi/lark-mcp package. This is a standard installation method for the official Feishu MCP integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 06:03 AM