feishu-memory-recall

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file recall.js uses child_process.spawn to execute the skill's main logic in index.js. This is a standard wrapper pattern that maintains backward compatibility with the previous version's CLI arguments, and it uses the local Node.js runtime.
  • [DATA_EXFILTRATION]: The skill communicates with the official Feishu API (open.feishu.cn) to retrieve message history and manage authentication tokens. This network activity is necessary for the skill's primary function of Feishu memory recall and targets a well-known service.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by fetching untrusted message content from external Feishu groups and injecting it into the agent's context via searches and digests.
      • Ingestion points: Untrusted data enters the context through the fetchMessages function in index.js, which retrieves real-time chat data.
      • Boundary markers: The skill outputs raw message data in JSON format without explicit delimiters or instructions for the agent to ignore embedded commands within the messages.
      • Capability inventory: The skill has capabilities to read local agent session files (sessions.json) and write to local log files (RECENT_EVENTS.md and daily memory files).
      • Sanitization: There is no sanitization or filtering of the message content before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 11:29 AM