feishu-perm
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill provides a legitimate interface for managing collaborator access on the Feishu platform.\n- [NO_CODE]: This skill consists entirely of Markdown and YAML configuration. Since no executable scripts (Python, JavaScript, or Shell) are provided, common attack vectors like remote code execution, privilege escalation, and persistence are not applicable.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes external data from the Feishu API. \n
- Ingestion points: Collaborator names, IDs, and permission levels retrieved via the 'list' action in SKILL.md. \n
- Boundary markers: None specified in the tool definition. \n
- Capability inventory: The 'feishu_perm' tool can modify permissions (add/remove) and list collaborator details. \n
- Sanitization: No explicit sanitization or validation logic is defined for the retrieved API data. \nThis surface is standard for administrative tools and does not constitute a vulnerability in the static configuration.
Audit Metadata