feishu-bitable-task-manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill executes local TypeScript scripts using tsx via npx. These scripts are part of the skill package and perform intended management tasks.
  • EXTERNAL_DOWNLOADS (SAFE): All dependencies listed in package.json are standard npm packages. No unverified external scripts or binaries are downloaded or executed at runtime.
  • DATA_EXPOSURE (SAFE): The skill interacts with Feishu API endpoints, which is its primary purpose. Sensitive credentials like FEISHU_APP_ID and FEISHU_APP_SECRET are correctly required as environment variables rather than being hardcoded.
  • INDIRECT_PROMPT_INJECTION (SAFE): The skill processes data from external JSONL files and Feishu tables.
      1. Ingestion points: scripts/bitable_task.ts (via --input) and scripts/drama_sync_task.ts (via --bitable-url).
      2. Boundary markers: None.
      3. Capability inventory: Network requests to Feishu API and local file system reads.
      4. Sanitization: Inputs are mapped to specific structured fields within the Bitable schema, which mitigates the risk of command or instruction injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:13 PM