feishu-task
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected in the skill instructions or examples.
- [DATA_EXPOSURE]: The skill handles identifiers like
open_idandtask_guidwhich are required for the Feishu API. It follows best practices by recommending the retrieval of the user's ID (current_user_id) from the secure message context (SenderId). - [COMMAND_EXECUTION]: All tools referenced (
feishu_task_task,feishu_task_tasklist) are specialized API wrappers for the Feishu service; no arbitrary shell command execution or unauthorized system access was found. - [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads or reference third-party scripts/packages.
- [SAFE]: Indirect prompt injection risk is evaluated as minimal.
- Ingestion points: User-provided strings for task
summary,description, and tasklistname(SKILL.md). - Boundary markers: Absent.
- Capability inventory: Task/list creation, updating, member management, and deletion (SKILL.md).
- Sanitization: None mentioned, but the operations are restricted to the user's authenticated Feishu session permissions.
Audit Metadata