feishu-cli-write
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing the
feishu-clitool via Bash to perform document operations, including sensitive tasks like adding permissions (perm add) and transferring ownership (perm transfer-owner). - [DATA_EXFILTRATION]: Document content is temporarily stored in
/tmp/feishu_write_<timestamp>.md. In shared environments, files in/tmpcan lead to unauthorized data exposure if not properly cleaned or if permissions are overly permissive. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from user input and document structures via
feishu-cli doc blocks. There are no explicit boundary markers or sanitization steps mentioned. The agent's capabilities include executing Bash commands and managing document permissions, which could be exploited if malicious instructions are processed.
Audit Metadata