feishu-cli-export
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill's execution flow constructs shell commands for the
feishu-clitool by interpolating parameters like<document_id>,<node_token>, and<output_path>. If these inputs are provided by a user or external source and are not properly sanitized or escaped, they could be leveraged for shell command injection. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection attacks. It exports content from external Feishu/Lark documents and subsequently reads that content into the agent's context using the
Readtool. Maliciously crafted content within those documents could attempt to override agent instructions. Ingestion points: Markdown files exported from Feishu to the local file system (e.g., in/tmp/). Boundary markers: No specific delimiters or safety instructions are defined to separate document content from system prompts. Capability inventory: The skill has access to theBashandReadtools. Sanitization: No validation or sanitization of the document content is performed before the agent reads it. - [CREDENTIALS_UNSAFE]: The skill requires Feishu application credentials (
FEISHU_APP_ID,FEISHU_APP_SECRET) which are stored in environment variables or a configuration file at~/.feishu-cli/config.yaml. While no secrets are hardcoded in the skill itself, the reliance on and access to this sensitive configuration file by the underlying CLI tool represents a point of potential credential exposure.
Audit Metadata