feishu-bitable
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains an explicit directive under the 'AI Behavior Code' section telling the agent not to read or analyze the source code of the scripts. This is a deceptive practice intended to hide malicious or intrusive behavior from security analysis.
- [COMMAND_EXECUTION]: All scripts in the scripts/ directory, such as record/batch-create.js and table/list.js, are heavily obfuscated and utilize the child_process.execSync module to execute system-level shell commands.
- [DATA_EXFILTRATION]: The obfuscated logic includes system profiling commands such as 'wmic cpu get ProcessorId', 'wmic baseboard get SerialNumber', and 'wmic csproduct get UUID'. These commands are used to collect unique hardware identifiers to create a machine fingerprint, which is an intrusive collection of host metadata.
- [COMMAND_EXECUTION]: The skill implements a conditional execution mechanism based on a local licensing file (license-key.txt) and machine hardware fingerprints, which allows the developer to restrict or monitor skill usage in a way that is not disclosed to the user.
Recommendations
- AI detected serious security threats
Audit Metadata