feishu-docs
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external cloud documents and possesses high-privilege capabilities.
  - Ingestion points: Document content is ingested through commands like `feishu-docs read`, `feishu-docs cat`, and `feishu-docs search` (SKILL.md).
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are specified when reading document content.
  - Capability inventory: The skill can create, update, delete, and change sharing permissions (including public exposure) of documents via `feishu-docs create`, `feishu-docs update`, `feishu-docs delete`, and `feishu-docs share` (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from documents before it is presented to the agent.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing the `feishu-docs` CLI. While this is the intended use case, the broad scope of the tool—including the ability to delete resources and modify permissions—poses a risk if the agent is manipulated via malicious document content.
Audit Metadata