feishu-cli-msg
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Interaction with the Feishu platform is performed by executing feishu-cli commands via the Bash tool.\n- [EXTERNAL_DOWNLOADS]: The documentation points to the GitHub repository for the feishu-cli tool (github.com/riba2534/feishu-cli) for installation.\n- [DATA_EXFILTRATION]: The skill facilitates data transfer by allowing the agent to upload local files to Feishu and download message attachments to the local filesystem.\n- [PROMPT_INJECTION]: The skill has a surface for indirect instructions through the ingestion of external message data.\n
- Ingestion points: Commands such as msg get, msg mget, and msg thread-messages retrieve message content from Feishu.\n
- Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to treat message content as untrusted data.\n
- Capability inventory: The agent has access to Bash (via feishu-cli), Read, and Write tools.\n
- Sanitization: No input sanitization or validation of the message content is performed by the skill.
Audit Metadata