byted-viking-aisearch-feishu
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill facilitates access to Feishu document content. This behavior is the primary intended function and is performed using official API endpoints (open.feishu.cn) belonging to the vendor (ByteDance). Access is governed by the user's OAuth access token.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it retrieves and processes arbitrary text from external Feishu documents.
- Ingestion points: Document content is fetched via the
fetch_raw_contentmethod inscripts/feishu_search.py. - Boundary markers: No specific delimiters or boundary markers are instructed for use in the agent instructions within
SKILL.md. - Capability inventory: The skill utilizes the
requestslibrary for HTTP communication. No capabilities for shell command execution, file system modification, or persistence were found. - Sanitization: The skill does not perform sanitization on the retrieved document content, passing the raw text directly to the agent.
Audit Metadata