feishu
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external Feishu environments (messages, documents, and transcripts) that may contain hidden instructions.
- Ingestion points: Untrusted data enters the agent context via 'RawContentDocumentRequest' for documents, 'GetMinuteTranscriptRequest' for meeting minutes, and message retrieval in 'SKILL.md'.
- Boundary markers: The skill does not define specific delimiters or 'ignore' instructions to separate retrieved content from the agent's own command logic.
- Capability inventory: The skill has broad capabilities including 'client.im.v1.message.create' to send messages, 'client.docx.v1.document.create' for document creation, and task management.
- Sanitization: No sanitization, escaping, or validation logic is present to ensure that external content is treated strictly as data.
Audit Metadata