feishu-doc
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to ingest data from external documents which are converted into Markdown for the AI agent. This allows for potential exploitation if an ingested document contains malicious instructions for the agent.
  - Ingestion points: lib/docx.js, lib/sheet.js, and lib/bitable.js fetch data from the Feishu API.
  - Boundary markers: Fetched content is not wrapped in protective delimiters or warnings to the agent.
  - Capability inventory: The skill can create and append to documents (create.js, append_simple.js) and download files to the local filesystem (download_file.js).
  - Sanitization: input_guard.js provides basic structural sanitization for API compatibility but does not filter for malicious instructions.
Audit Metadata