feishu-cli-card
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
feishu-clicommand for sending interactive card messages. This operation is the primary intended function of the skill and is documented clearly for the agent. - [PROMPT_INJECTION]: The skill is designed to ingest untrusted user input to populate interactive card templates, creating an attack surface for indirect prompt injection.
- Ingestion points: External data enters the context through user requests containing fields like notification summaries, alert impacts, or approval reasons.
- Boundary markers: Absent. The skill does not employ specific delimiters or 'ignore' instructions to isolate user-provided content from the JSON schema structure.
- Capability inventory: The skill is granted
Writepermissions to create JSON files in the/tmp/directory andBashpermissions to interact with external messaging APIs via a CLI tool. - Sanitization: Absent. The instructions rely on the LLM's inherent formatting capabilities and do not specify explicit escaping or validation routines for characters that might disrupt JSON parsing or influence the message recipient.
Audit Metadata