feishu-cli-msg
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute feishu-cli commands. It describes patterns for constructing these commands by interpolating message IDs, user IDs, and message content (often written to temporary files in /tmp/ via cat). This pattern is susceptible to command injection if the AI agent uses unsanitized input from users or external sources to populate command parameters.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It has the capability to read message content, conversation history, and search results from Feishu (using commands like feishu-cli msg get and history) which are controlled by external users. This untrusted data could contain instructions meant to override the agent's behavior. Ingestion points: feishu-cli msg get, msg history, msg list, and search messages commands in SKILL.md. Boundary markers: Absent; no instructions are provided to the agent to treat external message content as data rather than instructions. Capability inventory: Bash, Read, and Write permissions enabled. Sanitization: Absent; no evidence of validation or escaping for data retrieved from the Feishu API.
Audit Metadata