feishu-cli-search
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute feishu-cli commands for authentication and searching. This allows the agent to interact with the local system and the Feishu API.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from Feishu documents and messages.
  - Ingestion points: Results from "feishu-cli search docs" and "feishu-cli search messages" are brought into the agent's context.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to treat the search results as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill utilizes the Bash tool, which provides a broad execution environment.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is processed.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive Feishu User Access Tokens. These tokens are stored in the local file ~/.feishu-cli/token.json. Additionally, the authentication flow requires users to manually provide a callback URL which contains sensitive authorization codes and state parameters.
Audit Metadata