feishu-lark-agent
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The Python script caches the Feishu 'tenant_access_token' in a JSON file within the system's temporary directory (e.g., /tmp). This practice can expose the active session token to other users or processes on the same machine, potentially allowing unauthorized access to the Feishu API.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from external Feishu sources, such as messages, documents, and multi-dimensional tables. This creates an attack surface where malicious data in Feishu could influence the agent's behavior.
- [COMMAND_EXECUTION]: The skill executes a Python script via the shell and sources the user's shell configuration file (~/.zshrc) to load environment variables. While necessary for operation, this pattern relies on the integrity of the user's local shell environment.
Audit Metadata