feishu-doc-to-dev-spec
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it reads untrusted data from external Feishu documents and integrates it into the agent context.
- Ingestion points: Document text and tables are fetched from Feishu URLs via the
scripts/fetch_feishu_doc.pytool. - Boundary markers: The prompt construction in
demo.pydoes not utilize specific delimiters or escape sequences to isolate external content from system instructions. - Capability inventory: The skill possesses network access to the Feishu API and the ability to write files (images and markdown) to the local
./outputdirectory. - Sanitization: No content filtering is applied to the fetched data to remove or neutralize embedded commands.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official Feishu/Lark API domain (
open.feishu.cn) to retrieve document content and binary image files. - [COMMAND_EXECUTION]: The skill executes a system command (
mkdir -p output/images) defined in theSKILL.mdfrontmatter to initialize the local output environment.
Audit Metadata