Skills
skills/autogame-17/feishu-skills/feishu-calendar/Gen Agent Trust Hub

feishu-calendar

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses sensitive .env files located in parent directories to retrieve API credentials.
  • Evidence: Scripts including lib/CalendarManager.js, check.js, and create.js use dotenv to load configurations from ../../.env or ../../../.env which contain FEISHU_APP_ID and FEISHU_APP_SECRET.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists through the processing of calendar event metadata.
  • Ingestion points: sync.js and lib/CalendarManager.js fetch event summaries and descriptions from the Feishu API.
  • Boundary markers: Absent; no delimiters or warnings are used when writing these strings to HEARTBEAT.md or calendar_events.json.
  • Capability inventory: The skill executes shell commands via Node.js scripts and has file write permissions.
  • Sanitization: Absent; external data is interpolated into project files used by the agent for context without escaping or validation.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands with user-influenced arguments.
  • Evidence: SKILL.md defines protocols for the agent to run node create.js and other scripts using parameters extracted directly from user requests.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 03:33 PM