Skills
skills/0xranx/agent-kit/feishu-doc/Gen Agent Trust Hub

feishu-doc

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The feishu_doc.py script executes the feishu-docx command-line utility using subprocess.run. Although it uses a list for arguments to mitigate shell injection, it passes the app_secret as a plain-text CLI argument, which can be visible to other users or processes on the same system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from open.feishu.cn, the official Feishu API domain. This is consistent with the skill's purpose but constitutes a retrieval of external data into the agent's context.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by reading external content.
  • Ingestion points: cmd_read and cmd_read_chat in feishu_doc.py fetch text from documents and chat messages.
  • Boundary markers: There are no explicit markers or safety instructions used when presenting this content to the AI agent.
  • Capability inventory: The skill can execute subprocesses, write to local files like user_token.json, and interact with the Feishu API.
  • Sanitization: No sanitization or filtering is applied to the retrieved content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 07:33 PM