feishu-doc-converter

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive files in the user's home directory to load configuration and secrets.
      • Evidence: In __init__.py, the load_config function attempts to read from ~/.openclaw/.env and ~/.claude/feishu-config.env. These paths are identified as sensitive file locations.
  • [CREDENTIALS_UNSAFE]: The skill extracts and uses application secrets (App ID and App Secret) from local environment files.
      • Evidence: The load_config function specifically parses FEISHU_APP_ID and FEISHU_APP_SECRET from .env files. While necessary for the skill's primary function of interacting with the Feishu API, accessing generic environment files increases the risk of credential exposure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes content from external URLs without sanitization or boundary markers.
      • Ingestion points: The doc_to_md and url_to_md functions in __init__.py ingest content from Feishu documents and external URLs (e.g., WeChat).
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompts.
      • Capability inventory: The skill uses the requests library to make network calls and fetch content, but does not currently implement dangerous execution capabilities such as subprocess or eval.
      • Sanitization: The skill performs basic Markdown formatting but does not sanitize the input text for potential malicious instructions targeted at the consuming agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 02:24 AM