feishu-connection
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to bridge untrusted user messages from Feishu to an AI agent context, creating a surface for indirect prompt injection. Ingestion points: Feishu message receive events via WebSocket. Boundary markers: No specific delimiters or safety instructions are defined in the provided configuration. Capability inventory: The bridge forwards processed content to the Clawdbot Gateway. Sanitization: No sanitization of incoming text is implemented in the provided setup scripts.
- Persistence Mechanisms (LOW): The
setup_service.pyscript generates a macOSlaunchdplist to ensure the bridge service runs on startup. While persistence can be a high-risk pattern, it is a transparent and documented core feature of this skill. - Command Execution (SAFE): The skill utilizes
uvto manage dependencies and execute the bridge script. This is a standard and expected behavior for a Python-based utility. - Credential Handling (SAFE): The documentation correctly instructs users to store API secrets in a dedicated directory with restricted file permissions (
chmod 600), which aligns with security best practices.
Audit Metadata