feishu-task
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a standard integration for Feishu task management. It does not contain hardcoded credentials, unauthorized network communication, or any form of code obfuscation. The functionality described is consistent with the stated purpose of managing tasks within the Lark ecosystem.
- [PROMPT_INJECTION]: The skill processes untrusted data such as task summaries and descriptions retrieved from the Feishu API, which presents a surface for indirect prompt injection attacks.
- Ingestion points: Task details (summary, description, names) are ingested via the list, get, and tasks actions in SKILL.md.
- Boundary markers: The skill definition does not specify the use of delimiters or 'ignore' instructions for the processed data.
- Capability inventory: The skill includes tools to create, patch (modify), and manage task membership (add_members) as documented in SKILL.md.
- Sanitization: There are no documented sanitization or validation routines for external content.
Audit Metadata