feishu-doc
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bashtool to execute a local Python script (skills/feishu-cli/run.py) for its core operations. User-controlled inputs like document titles or markdown content are passed as JSON strings within shell commands, which could present a risk of command injection if the agent does not properly escape characters like single quotes in the input.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external, untrusted Feishu documents.\n - Ingestion points: Document content is ingested via
read_contentandlist_blocksactions inSKILL.md.\n - Boundary markers: The instructions lack explicit boundary markers or delimiters to help the agent distinguish document data from system instructions.\n
- Capability inventory: The skill has capabilities to write to documents, create nodes, and execute shell commands via
bash.\n - Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata