feishu-cli-import
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses a Python one-liner for file encoding validation that interpolates a user-provided file path directly into a string literal: `python3 -c "d=open('<file.md>','rb').read()..."`. If a file path provided by a user contains malicious characters such as a single quote followed by commands (e.g., `'; import os; os.system(...)`), it allows for arbitrary Python code execution.
- [COMMAND_EXECUTION]: Several shell commands are constructed using un-sanitized placeholders like `<file.md>`, `<title>`, and `<document_id>` (e.g., `feishu-cli doc import <file.md> --title "<title>"`). These placeholders are vulnerable to shell command injection if the agent does not properly escape the inputs. Furthermore, the skill instructs the agent to perform sensitive permission changes, such as granting `full_access` and transferring document ownership to a hardcoded placeholder email (`user@example.com`), which could lead to unauthorized access.
- [EXTERNAL_DOWNLOADS]: The skill relies on an external CLI tool `feishu-cli` which is hosted on a third-party GitHub repository (`github.com/riba2534/feishu-cli`). This tool is required for the skill to function but originates from an external source.
Recommendations
- AI detected serious security threats
Audit Metadata