feishu-cli-bitable
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
Bashtool to executefeishu-clicommands (e.g.,feishu-cli bitable create,feishu-cli bitable records) to interact with the Feishu Bitable API.\n- [DATA_EXFILTRATION]: The skill references sensitive file paths and environment variables for authentication purposes, specifically~/.feishu-cli/config.yaml,FEISHU_APP_ID, andFEISHU_APP_SECRET. This represents an exposure of local credentials required for the tool's operation.\n- [EXTERNAL_DOWNLOADS]: The documentation points to an external GitHub repository (github.com/riba2534/feishu-cli) as the source for the requiredfeishu-clitool. This is a vendor resource associated with the skill author.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing external data from Feishu Bitable records. \n - Ingestion points: Data is ingested via the
feishu-cli bitable recordscommand which retrieves record content from remote tables.\n - Boundary markers: The instructions lack explicit boundary markers or warnings to ignore embedded instructions within the retrieved data.\n
- Capability inventory: The skill has access to powerful tools including
Bash,Read, andWrite, which could be exploited if malicious instructions are present in the ingested data.\n - Sanitization: There is no mention of sanitization or validation of the content retrieved from external records before it is processed by the agent.
Audit Metadata