feishu-bitable
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to provide structured access to the Feishu Bitable API. All analyzed files contain legitimate instructions, usage examples, and a wrapper script designed for this purpose. No evidence of hardcoded credentials, malicious downloads, or unauthorized access attempts was found.
- [INDIRECT_PROMPT_INJECTION]: The skill interacts with external data sources (Feishu tables), which represents a potential surface for indirect prompt injection if those tables contain untrusted content.
- Ingestion points: External data is retrieved through the
list_recordsaction as described inSKILL.md. - Boundary markers: The instructions do not currently mandate the use of delimiters or guardrail instructions when the agent processes retrieved cell content.
- Capability inventory: The agent has the ability to perform file system operations (via
bash) and API operations including writing and deleting records/fields. - Sanitization: No explicit sanitization or validation of the data retrieved from the tables is implemented in the provided prompt instructions.
Audit Metadata