feishu-task
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `feishu_task_attachment_upload` tool supports a `file_path` parameter, allowing the agent to read local files on the system to upload them as attachments. This could lead to the exposure of sensitive configuration files or credentials if the agent is misled.
- [DATA_EXFILTRATION]: The `feishu_task_attachment_upload` tool also accepts a `file_url`, which enables the agent to fetch remote content. This functionality can be misused for SSRF (Server-Side Request Forgery) or data exfiltration to external, attacker-controlled servers.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection attacks.
  - Ingestion points: Untrusted content is ingested into the agent context through the `feishu_task_get`, `feishu_task_comment_list`, and `feishu_tasklist_get` tools as defined in the `SKILL.md` file.
  - Boundary markers: The skill documentation does not define delimiters or specific instructions to help the model distinguish between system instructions and data retrieved from external sources.
  - Capability inventory: The skill possesses powerful capabilities including local file reading (`feishu_task_attachment_upload`), task deletion (`feishu_task_delete`), and tasklist management (`feishu_tasklist_delete`).
  - Sanitization: There is no indication that content retrieved from Feishu is sanitized or validated before being processed by the agent.
Audit Metadata