feishu-docx-powerwrite
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security threats were detected. The skill behavior is consistent with its stated purpose of document generation and formatting.
- [COMMAND_EXECUTION]: The skill utilizes local scripts (feishu_table.py) and shell commands (exec heredoc) to perform intended document formatting and file management tasks as described in the workflow.
- [EXTERNAL_DOWNLOADS]: Installation instructions refer to the author's official GitHub repository (github.com/ASauler/skill-feishu-docx-powerwrite), which is a legitimate vendor resource for this skill.
- [PROMPT_INJECTION]: The skill processes user-supplied content to generate documents, creating a standard surface for indirect prompt injection.
  * Ingestion points: Document content provided by the user (SKILL.md).
  * Boundary markers: None explicitly mentioned for user input.
  * Capability inventory: Calls Feishu API tools (feishu_doc) and performs local file writing via exec heredoc (SKILL.md).
  * Sanitization: Includes logic to escape $ symbols to prevent unintended LaTeX parsing (SKILL.md, scripts/validate.js).