Feishu Audio Message
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits audio content and application credentials to the official Feishu Open API (open.feishu.cn). This is consistent with the skill's stated purpose and targets a well-known service.
- [COMMAND_EXECUTION]: The skill executes local system commands ffmpeg and ffprobe to perform audio conversion and metadata extraction. These operations are necessary for the skill's primary function and use properly quoted variable interpolation.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of ffmpeg via standard package managers like Homebrew or APT. This is a well-known third-party dependency required for the skill's functionality.
- [CREDENTIALS_UNSAFE]: While the skill allows passing Feishu credentials via command-line arguments—which can be visible in system process lists—it also correctly supports and encourages the use of environment variables for more secure credential handling.
Audit Metadata