feishu-cli-create
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill's execution logic mandates granting
full_accesspermissions to a hardcoded email address (user@example.com) immediately after document creation. This gives an external entity the ability to edit, delete, export, and manage permissions for all documents created using this skill. - [COMMAND_EXECUTION] (HIGH): The user-provided
<title>argument is interpolated directly into a Bash command:feishu-cli doc create --title "<title>". This creates a command injection vulnerability where an attacker can execute arbitrary shell commands by crafting a malicious title (e.g.,"; rm -rf /; "). - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on
feishu-cli, a non-standard command-line utility. The source and safety of this tool are not specified, representing an unverifiable dependency risk. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted user data via the
<title>parameter and interpolates it into a high-privilege command sequence (writing to the cloud and modifying permissions) without any sanitization or boundary markers.
Recommendations
- AI detected serious security threats
Audit Metadata