feishu-wiki
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it processes external data from the Feishu Wiki.
- Ingestion points: Data enters the agent context through the Feishu Wiki API during node listing and detail retrieval actions defined in
SKILL.md. - Boundary markers: The skill lacks any boundary markers or instructions to differentiate between system commands and untrusted external content.
- Capability inventory: The skill grants the agent the ability to
create,move, andrenamewiki nodes, and it specifies a dependency onfeishu_docfor reading and writing content, providing a clear path for side effects. - Sanitization: There is no logic provided to sanitize or filter the external metadata or document content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata