feishu-doc-reader
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell and Python scripts (e.g., scripts/read_doc.sh, scripts/read_feishu_doc.py) to interact with the Feishu API. This is standard behavior for a CLI-based integration tool.
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Feishu Open API domain (open.feishu.cn) to retrieve document data. This is a well-known service and necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill possesses an inherent surface for indirect prompt injection as it ingests content from external documents. However, no malicious instructions or bypass attempts were found.
- Ingestion points: Document, sheet, and slide content retrieved from Feishu via API.
- Boundary markers: Not explicitly documented in the user instructions.
- Capability inventory: Local script execution for data processing.
- Sanitization: Not explicitly documented in the provided file.
Audit Metadata