feishu-automation

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands including curl for API interactions, python3 -c for JSON processing, and npx for package execution during setup.
  • [DATA_EXFILTRATION]: The skill is designed to transmit local data, specifically Markdown files, to Feishu's external servers (open.feishu.cn) through the md2feishu.sh script.
  • [CREDENTIALS_UNSAFE]: The feishu-mcp-setup.js script is designed to collect and write Feishu API credentials (app_id and app_secret) into the global ~/.claude.json configuration file in plain text.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from external sources.
      • Ingestion points: Functions in feishu_api.py such as get_bitable_records, get_doc, and list_chats read data from the Feishu platform.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing external data.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit which could be abused if malicious instructions are ingested.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from Feishu before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 02:47 AM