feishu-cli
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process data from external Feishu/Lark sources.
- Ingestion points: The skill retrieves content from Feishu documents, wiki pages, and chat messages via the `feishu_tool` and `feishu_api` actions in `run.py`.
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented in the tool wrapper to separate external data from system instructions.
- Capability inventory: The skill has broad capabilities including file deletion, document modification, and message sending, which are accessible to the agent after processing external data.
- Sanitization: The skill acts as a pass-through for Feishu API responses and does not perform explicit sanitization of the content before it enters the agent's context.
Audit Metadata