feishu-cli-task

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its data processing workflow.
      • Ingestion points: The feishu-cli task list and feishu-cli task get commands (referenced in SKILL.md) ingest external, potentially attacker-controlled data from Feishu tasks.
      • Boundary markers: There are no defined delimiters or instructions to the agent to ignore embedded commands within the task content.
      • Capability inventory: The skill uses the Bash tool to execute commands that modify external state (create, update, delete, complete).
      • Sanitization: No sanitization or validation logic is present to filter malicious instructions from retrieved task data.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on the Bash tool to interface with feishu-cli. While the scope is intended for task management, the lack of input validation on retrieved data could allow an attacker to influence the arguments passed to the CLI if the agent parses malicious task descriptions as instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:35 AM