feishu-cli-calendar

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the handling of external data.
      • Ingestion points: Content is ingested from Feishu via feishu-cli calendar list-events and get-event as documented in SKILL.md.
      • Boundary markers: Absent. There are no instructions to the agent to treat calendar data as untrusted or separate from instructions.
      • Capability inventory: The skill allows the use of the Bash tool and has the ability to write/delete calendar data. This high-capability environment significantly increases the risk if the agent obeys instructions hidden in calendar event summaries.
      • Sanitization: Absent. There is no evidence of filtering or sanitizing strings retrieved from the external API.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on the Bash tool to execute CLI commands. In the context of processing untrusted calendar data, this provides an immediate vector for an attacker to achieve code execution if the agent is successfully injected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:48 AM