feishu-cli-import
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes feishu-cli commands via the Bash tool using direct string interpolation of user-provided arguments such as <file.md> and . This pattern is vulnerable to command injection if the inputs contain shell-sensitive characters like semicolons or backticks.
- [EXTERNAL_DOWNLOADS]: The skill's operation depends on feishu-cli, an external binary that is not a standard system utility. This dependency on an unverified third-party tool that interacts with the filesystem and network represents a potential security risk.
Audit Metadata