feishu-channel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (MEDIUM): The primary execution script 'scripts/feishu-webhook.js' defined in package.json is missing from the provided skill files, making it impossible to perform a code-level security audit of the actual logic.
- [Indirect Prompt Injection] (HIGH): The skill architecture creates a significant attack surface for indirect prompt injection. 1. Ingestion points: Untrusted message content from the Feishu 'im.message.receive_v1' event. 2. Boundary markers: No delimiters or 'ignore embedded instruction' warnings are defined in the configuration or docs. 3. Capability inventory: Network communication with external AI gateways via Axios, with potential downstream write capabilities in connected automation tools. 4. Sanitization: Absent; the project's 'TODO.md' explicitly identifies event verification, whitelisting, and filtering as pending security tasks.
- [CREDENTIALS_UNSAFE] (LOW): The .env.example file follows security best practices by using placeholders for sensitive Feishu API secrets and verification tokens.
Recommendations
- AI detected serious security threats
Audit Metadata