feishu-common
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill implementation follows secure coding practices for API clients.
- [CREDENTIALS_UNSAFE]: The skill correctly manages sensitive application credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) by loading them from environment variables instead of hardcoding them within the source code.
- [EXTERNAL_DOWNLOADS]: Network requests are directed exclusively to the official Feishu API domain (open.feishu.cn) for the purposes of obtaining access tokens and sending messages.
- [COMMAND_EXECUTION]: No instances of arbitrary command execution, shell spawning, or unsafe subprocess management were identified.
Audit Metadata