feishu-doc-to-dev-spec
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Detected an indirect prompt injection surface (Category 8).
- Ingestion points: The skill ingests untrusted text, tables, and data from external Feishu/Lark URLs via the
fetch_feishu_doc.pyscript. - Boundary markers: The skill instructions do not define clear delimiters or provide instructions to the agent to ignore potentially malicious commands embedded within the document content.
- Capability inventory: The skill possesses the ability to write files to the local filesystem (
./output/) and perform complex reasoning based on the input. - Sanitization: No sanitization or filtering of the external document content is specified before the data is processed by the agent.
- Command Execution (SAFE): The system dependency
mkdir -p output/imagesis a benign administrative command used for directory setup and does not pose a security risk. - Credentials Safety (SAFE): The skill correctly manages sensitive credentials (
FEISHU_APP_ID,FEISHU_APP_SECRET) by utilizing environment variables rather than hardcoding values.
Audit Metadata