feishu-attendance
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
- Metadata Poisoning (MEDIUM): The _meta.json file shows a version rollback where version 1.0.9 (timestamp 1771046467353) was published after version 1.0.11 (timestamp 1770791182990). The commit history also switches between different user accounts (openclaw and clawdbot), which is a characteristic of potential supply chain tampering or unauthorized modification.
- Dynamic Execution (LOW): The skill uses relative-path requires in lib/api.js and lib/auth.js (../../feishu-common) to load functionality from outside the skill package. This makes the skill's behavior dependent on an external environment that cannot be verified from the skill's own source code.
- Indirect Prompt Injection (LOW): The skill ingests untrusted user data (employee names and attendance records) from Feishu APIs.
  • Ingestion points: getAllUsers and getAttendance in lib/api.js.
  • Boundary markers: Absent.
  • Capability inventory: Messaging via sendMessage in lib/api.js.
  • Sanitization: None detected in the provided library files.
Audit Metadata