feishu-cli-mail
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to interact with the feishu-cli for operations such as reading, sending, and managing emails.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes incoming email data which is untrusted. 1. Ingestion points: Email bodies and metadata fetched via feishu-cli mail message and mail triage commands. 2. Boundary markers: None are present to distinguish user instructions from email content. 3. Capability inventory: The agent has Bash tool access and can send or forward emails. 4. Sanitization: No sanitization or filtering of email content is performed before processing.
- [DATA_EXFILTRATION]: The mail send and forward functionalities allow the agent to transmit data to arbitrary external email addresses, which could be exploited for exfiltration if the agent's logic is subverted by malicious email content.
Audit Metadata