feishu-cli
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external Feishu sources (Documents, Wiki, Calendar). This creates an attack surface for indirect prompt injection, where an attacker could place instructions in a shared document to manipulate the agent's actions.
- Ingestion points: External data enters through the
feishu_toolandfeishu_apifunctions inrun.pywhen retrieving document content or metadata. - Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the provided code logic.
- Capability inventory: The skill possesses broad permissions to write documents, send messages, and modify task lists, which could be abused if the agent follows instructions from retrieved data.
- Sanitization: There is no explicit sanitization of retrieved content within the analyzed files.
Audit Metadata