feishu-im-read
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash to execute a local Python script (skills/feishu-cli/run.py) to perform Feishu tool actions.
- [DATA_EXFILTRATION]: The skill retrieves sensitive message history, thread replies, and file attachments from Feishu chats. This is consistent with its primary purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external message content.
  - Ingestion points: Chat history and message replies fetched via the history action in SKILL.md.
  - Boundary markers: None specified; message content is ingested without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill possesses the ability to send messages, upload files, and execute CLI commands through the run.py script.
  - Sanitization: No sanitization or content validation is mentioned for the retrieved chat data.
Audit Metadata