feishu-chat-history
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted chat messages from user-controlled sources via the Feishu API. Malicious instructions embedded within chat messages could potentially influence the agent's behavior during the summarization process.\n
- Ingestion points: Chat messages are fetched via the Feishu IM API at
https://open.feishu.cn/open-apis/im/v1/messages(as documented inreferences/api.md).\n - Boundary markers: The skill does not define or use boundary markers (such as XML tags or clear delimiters) to separate untrusted chat content from the agent's system instructions.\n
- Capability inventory: The skill performs network operations via
urllib.requestand reads local configuration files (~/.openclaw-autoclaw/openclaw.json).\n - Sanitization: There is no evidence of input sanitization or validation logic to filter out potential instructions hidden within the fetched messages.
Audit Metadata