feishu-task
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implementation facilitates indirect prompt injection via its automated heartbeat monitoring architecture. User-provided task titles and descriptions are aggregated into text snapshots that are subsequently processed by language models in a two-stage (Triage and Action) background process.
- Ingestion points: User-contributed content enters the system through chat interactions that trigger task creation and updates in
SKILL.md. - Boundary markers: The skill documentation and scripts do not define delimiters or instructions to prevent the model from obeying instructions embedded within task data.
- Capability inventory: The
scripts/task_ctl.pytool provides extensive permissions, including the ability to modify, delete, and reassign tasks and tasklists. - Sanitization: The system does not appear to sanitize or validate user-supplied strings before they are incorporated into snapshots for model analysis.
Audit Metadata