feishu-voice-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The skill reads temporary audio files and uploads them to Feishu's authenticated API endpoints (open.feishu.cn). No patterns of unauthorized data exfiltration or access to sensitive local files were identified.
- [CREDENTIALS_UNSAFE] (SAFE): Sensitive credentials like DUBY_API_KEY and Feishu tokens are loaded from an environment file using standard practices. There are no hardcoded secrets within the provided source code.
- [COMMAND_EXECUTION] (SAFE): User-provided text and targets are handled as arguments via the commander library. The skill does not use shell execution or dynamic command construction, minimizing risks of command injection.
- [EXTERNAL_DOWNLOADS] (SAFE): All external packages are managed through the project's dependency manifest. No remote code execution or unverified script downloads were detected.
Audit Metadata