feishu-cli-toolkit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external CLI tool, feishu-cli, hosted on the author's GitHub repository. This is a primary dependency for the skill's operation.\n- [COMMAND_EXECUTION]: The provided automation script for downloading document attachments in Section 13 processes filenames extracted from untrusted document content. This script utilizes Bash for file system operations.\n
- Evidence: Filenames extracted from documents are used directly in file paths:
output_file="$OUTPUT_DIR/$filename".\n - Risk: A lack of sanitization on filenames derived from untrusted external documents could allow for path traversal if a filename contains sequences like
../.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to ingest and process data from external Feishu documents, spreadsheets, and wikis.\n - Ingestion points: External data enters the agent context via commands like
feishu-cli doc exportandfeishu-cli wiki exportas described in SKILL.md.\n - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed data.\n
- Capability inventory: The skill is granted
BashandWritepermissions, allowing it to perform file system operations and execute CLI commands based on the processed content.\n - Sanitization: The skill and its provided scripts do not perform validation or sanitization of the content ingested from external documents before using it in automation logic.
Audit Metadata