feishu-cli-export
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation directs users to download and install an external tool,
feishu-cli, from the author's GitHub repository (github.com/riba2534/feishu-cli). This tool is required for the skill to function. - [COMMAND_EXECUTION]: The skill relies on the
Bashtool to execute variousfeishu-clicommands, includingdoc export,wiki export, andmedia-download. This grants the agent the ability to execute shell commands on the local system to interact with the Feishu API. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from Feishu documents, which are externally controlled.
- Ingestion points: Data enters the agent context via the output of
feishu-cli doc export(Markdown files) and file reads using theReadtool. - Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore embedded commands within the processed document content.
- Capability inventory: The agent has access to
Bash(full shell command execution) andRead(file system access), which could be exploited if malicious instructions are present in the exported documents. - Sanitization: No explicit sanitization or validation of the document content is performed before it is presented to the agent.
Audit Metadata