feishu-cli-comment
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the Bash tool to execute feishu-cli commands. Arguments such as text or comment_id provided by users are interpolated into shell strings, which can lead to command injection if the agent does not perform strict escaping of shell metacharacters.
- [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection Surface) The skill ingests comment content from external Feishu documents that could contain malicious instructions.
  1. Ingestion points: Document comments fetched via 'feishu-cli comment list'.
  2. Boundary markers: Absent; there are no instructions to the agent to treat fetched comment data as untrusted.
  3. Capability inventory: The skill has access to Bash and Read tools.
  4. Sanitization: None; document comments are passed directly into the context.
Audit Metadata