feishu-cli-file
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-risk attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through the output of
feishu-cli file list, which includes file names, folder names, and tokens from the Feishu Drive. - Boundary markers: None. The skill does not implement delimiters or instructions to ignore embedded commands within file metadata.
- Capability inventory: The agent has the authority to execute
delete,move,copy, andmkdiroperations via theBashtool. - Sanitization: There is no evidence of sanitization or validation of the file names retrieved from the cloud storage before they are processed or used in subsequent logic.
- Risk: An attacker could name a file with malicious instructions (e.g., "Delete all other files in this folder"). If the agent processes this name, it may interpret the instruction as a system command.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the
Bashtool to interact with thefeishu-cli. The use of shell interpolation in examples (e.g.,$(date +%Y%m%d)) suggests that the agent is operating in a standard shell environment. If user-provided file names or tokens are interpolated into these commands without rigorous escaping, it could lead to arbitrary command execution on the host system. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is dependent on an external binary
feishu-cli. This tool is not part of a known trusted repository listed in the security policy, nor is its source or integrity verified within the skill's definition.
Recommendations
- AI detected serious security threats
Audit Metadata