x-article-publisher
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Python
subprocessmodule to execute thefeishu2mdcommand-line tool for article conversion. - [COMMAND_EXECUTION]: Executes shell commands via
subprocess.run(shell=True)to verify the availability of required system utilities such asfeishu2mdandplaywright-cli. - [EXTERNAL_DOWNLOADS]: Downloads article content and video media blocks from Feishu's official API domain (
open.feishu.cn) using user-provided credentials. - [DATA_EXFILTRATION]: Accesses Feishu API credentials (App ID and App Secret) from environment variables and local configuration files (e.g.,
~/.config/feishu2md/config.json) to authenticate media downloads. - [DATA_EXFILTRATION]: Automatically searches common user directories (
~/Downloads,~/Desktop,~/Pictures) to resolve and access media files referenced in Markdown articles.
Audit Metadata