feishu-robot-registry

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's 'register' functionality encourages the storage of sensitive 'session keys' and 'App IDs' in a Feishu document. Storing authentication tokens in collaborative docx documents can lead to unauthorized access or credential theft if the document permissions are not strictly managed.
  • [DATA_EXFILTRATION]: Sensitive robot credentials (session keys) are transmitted to and stored on Feishu's cloud infrastructure as part of the registry functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: The listRobots function in index.js retrieves arbitrary content from a Feishu document.
      • Boundary markers: There are no markers or instructions to isolate the retrieved document content from the agent's context.
      • Capability inventory: The skill allows creating and updating documents, and it interfaces with the broader agent environment.
      • Sanitization: No validation or escaping is performed on the data fetched from the registry document, allowing potentially malicious instructions to be processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses the commander library to handle command-line arguments. While no direct shell execution of these arguments was observed, user-supplied strings (like robot names) are interpolated into the content sent to the Feishu API.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with Feishu's official Open APIs (open.feishu.cn) to perform search, create, and update operations on documents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 28, 2026, 11:29 AM