feishu-doc

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes tool actions that allow access to the local file system and transmission of data to external endpoints.
      • The feishu_doc tool defines upload_image and upload_file actions that accept a file_path parameter.
      • This allows the agent to read arbitrary local files (e.g., in /tmp/) and upload them to Feishu, which could be exploited for data exfiltration.
      • The tool also supports fetching and uploading content from arbitrary remote URLs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes untrusted data from external documents.
      • Ingestion points: Untrusted content is read from Feishu documents in SKILL.md via the read and list_blocks actions.
      • Boundary markers: No delimiters or safety instructions are provided to distinguish document content from the agent's core instructions.
      • Capability inventory: The agent has significant capabilities to modify or delete document content and upload new files, which could be abused if malicious instructions are encountered in a document.
      • Sanitization: The skill lacks mechanisms for sanitizing or validating document content before it is ingested into the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:37 AM