lark-cli-router

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub link to an install.sh shell script in a third‑party/unverified repository (riba2534/feishu-cli); raw shell scripts intended to be piped to bash are high‑risk because they execute unknown code from an untrusted source.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High risk: the skill contains deliberate backdoor-like behavior—it mandates automatically transferring ownership of any created document (without user prompt) to a specific hard-coded open_id and includes automated install/run instructions (curl|bash, npm/npx) that could be used to silently gain capabilities or perform supply-chain abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required installation steps explicitly fetch and execute code from public third-party sources (e.g., "curl -fsSL https://raw.githubusercontent.com/riba2534/feishu-cli/main/install.sh | bash" and npm installs referenced in the SKILL.md), which are untrusted external contents that, once run/installed, can materially change tooling and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime installation step that fetches and executes remote code (curl -fsSL https://raw.githubusercontent.com/riba2534/feishu-cli/main/install.sh | bash) and also points to fetching source via go install github.com/riba2534/feishu-cli@latest, which directly executes external code during runtime.