md-to-feishu

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions to download and execute an installation script for the uv tool.
  • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md.
  • Context: The script is hosted on astral.sh, the official domain for the well-known uv Python utility.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the mermaid.ink API to fetch image renders of diagrams.
  • Evidence: Step 3c describes using urllib.request to fetch data from https://mermaid.ink/img/.
  • [COMMAND_EXECUTION]: The skill executes system commands such as which, python3, and uvx to manage the environment and run the conversion tool.
  • Evidence: Bash blocks in Step 2 and Step 4.
  • [DATA_EXFILTRATION]: The skill reads local Markdown files and transmits their contents to the Feishu platform.
  • Evidence: The primary functionality involves reading a <MARKDOWN_FILE_PATH> and using feishu-docx to create a document.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses user-provided Markdown files to determine the document title and render diagrams.
  • Ingestion points: Untrusted Markdown files provided by the user.
  • Boundary markers: Absent; the agent reads the file content directly to extract the first heading.
  • Capability inventory: File system access and command execution through the feishu-docx and uvx tools.
  • Sanitization: No sanitization is applied to the Markdown content before it influences the agent's logic or is sent to external APIs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 19, 2026, 10:05 AM