feishu-doc-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external Feishu documents which could contain malicious instructions designed to subvert the agent's behavior.
- Ingestion points: Document content is fetched from the Feishu API using the
scripts/feishu_doc_reader.pyscript. - Boundary markers: No boundary markers or protective instructions are used to separate the document data from the agent's system instructions.
- Capability inventory: The
scripts/feishu_doc_editor.pyscript uses Playwright to automate a browser session, enabling it to clear existing document content (via Ctrl+A and Backspace) and input new text. This is a powerful capability that could be misused if the agent is misled by the document content. - Sanitization: There is no evidence of sanitization or validation of the ingested document content before it is processed by the agent or written back to the document.
Audit Metadata