Skills
skills/autogame-17/feishu-skills/feishu-card/Gen Agent Trust Hub

feishu-card

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script send_safe.js is vulnerable to shell command injection. It constructs a command string by interpolating options.target, options.color, and options.title directly into a template string passed to execSync. While the variables are wrapped in double quotes, they are not sanitized, allowing an attacker to escape the quotes (e.g., using "; id; ") and execute arbitrary shell commands.
  • [COMMAND_EXECUTION]: The handle_event.js script exhibits a similar command injection vulnerability. It extracts data from an external event payload (userOpenId and menuKey) and interpolates it into an execSync call. This creates a direct path for executing arbitrary code if the event source is untrusted or compromised.
  • [PROMPT_INJECTION]: This category identifies an indirect injection surface in the skill's event handling logic.
  • Ingestion points: The handle(eventPayload) function in handle_event.js processes external JSON data.
  • Boundary markers: Absent. The data is directly interpolated into a command string.
  • Capability inventory: The skill has the capability to execute shell commands via child_process.execSync in both handle_event.js and send_safe.js.
  • Sanitization: None. The scripts rely on simple double-quoting which is insufficient to prevent command injection attacks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 03:32 PM