feishu-doc-converter

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive configuration files in the user's home directory, specifically ~/.openclaw/.env and ~/.claude/feishu-config.env, to retrieve Feishu API credentials such as FEISHU_APP_ID and FEISHU_APP_SECRET.
  • [COMMAND_EXECUTION]: The _wechat_to_md function in init.py performs dynamic module loading by modifying sys.path to include a relative sibling directory (../wechat-article-fetcher) and then importing from it. This dynamic loading from computed paths occurs at runtime.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from Feishu documents and external URLs.
      • Ingestion points: External content is fetched via the Feishu API (_get_document_blocks) and WeChat fetching logic (_wechat_to_md).
      • Boundary markers: The skill does not use delimiters or provide instructions to the agent to ignore embedded instructions in the converted Markdown.
      • Capability inventory: The skill has capabilities for network requests and file system writes.
      • Sanitization: There is no filtering or validation of the ingested content before it is converted and returned to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 01:11 AM