feishu-perm

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill retrieves and displays collaborator information from the Feishu API, which serves as an ingestion point for untrusted data that could influence the agent's behavior if malicious instructions are embedded in names or IDs.
      • Ingestion points: Responses from client.im.drive.v1.permission.member.list in index.js.
      • Boundary markers: None are present in the console output to delimit the API data from instructions.
      • Capability inventory: Permission management (create, delete, update) for Feishu Drive files and folders.
      • Sanitization: No data validation or escaping is performed on retrieved API content before it is printed to the console.
  • [EXTERNAL_DOWNLOADS]: The index.js file utilizes the minimist package for argument parsing, but this dependency is not declared in the package.json file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 11:30 AM