feishu-perm
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill definition is purely descriptive and contains no executable scripts or malicious instructions. It provides a standard interface for interacting with the Feishu (Lark) API for document access control.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface by defining a tool that accepts document tokens and member identifiers which may be derived from untrusted user content.
  * Ingestion points: The `token`, `type`, and `member_id` parameters in the `feishu_perm` tool definition (SKILL.md).
  * Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined.
  * Capability inventory: The tool can modify document permissions, including granting `full_access`, which allows managing permissions for others (SKILL.md).
  * Sanitization: No input validation or sanitization logic is specified in the skill definition.