feishu-tasks
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill manages high-privilege OAuth credentials, including 'app_secret', 'user_access_token', and 'refresh_token', stored at '~/.feishu-credentials.json'. While required for the skill's core functionality, plain-text storage of these secrets is a security risk.
- [COMMAND_EXECUTION] (LOW): Operation is handled via shell scripts that execute 'curl' and 'jq'. This includes a minor security flaw in 'scripts/refresh_token.sh' where a predictable temporary file path ('/tmp/creds_new.json') is used during token updates, which can be vulnerable to symlink attacks in multi-user environments.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection from data retrieved from the Feishu API (task summaries and descriptions). Ingestion points: 'scripts/list_tasks.sh' and 'scripts/get_task.sh'. Boundary markers: None are used to delimit external data from agent instructions. Capability inventory: Shell command execution for creating and modifying tasks and making network requests. Sanitization: No escaping or validation is performed on the data fetched from the API before it is processed by the agent.
Audit Metadata