feishu-send-file
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/send_file.py` utilizes `subprocess.run` to execute the `curl` command for uploading files to the Feishu API. This is a standard method for handling multipart/form-data uploads in environment-constrained scripts and does not use a shell, which mitigates shell injection risks.
- [EXTERNAL_DOWNLOADS]: The skill interacts with `open.feishu.cn`, which is the official and well-known API domain for Feishu (Lark). It performs POST requests to obtain access tokens and send messages. These network operations are necessary for the skill's stated purpose and target a trusted service provider.
- [REMOTE_CODE_EXECUTION]: An automated scanner flagged the Feishu API endpoint as an RCE risk. However, manual inspection of `scripts/send_file.py` confirms this is a false positive. The code simply uses `urllib.request` to parse JSON responses from the Feishu API and does not execute any remote content as code.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an inherent data exposure surface because it is designed to read local files based on agent instructions and send them to an external cloud service.
  - Ingestion points: The `file_path` and `open_id` arguments in `scripts/send_file.py` are provided via the agent at runtime.
  - Boundary markers: None identified in the provided scripts.
  - Capability inventory: The skill has read access to the local filesystem and network access to Feishu's servers.
  - Sanitization: The script checks for the existence of the file via `os.path.exists` but does not restrict the directories from which files can be read. Users should ensure the agent's workspace is properly isolated.
Audit Metadata