feishu-cli-api

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain any malicious patterns such as prompt injection, data exfiltration, or obfuscated code. Its purpose is to guide the agent in using the feishu-cli tool.
  • [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (github.com/riba2534/feishu-cli) for installation instructions. This repository belongs to the skill's author and is a legitimate vendor resource.
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands using feishu-cli. This behavior is explicitly restricted in the YAML frontmatter to specific subcommands (api:*, schema:*), ensuring the agent operates within a defined scope.
  • [PROMPT_INJECTION]: As the skill interacts with external API data (Feishu OpenAPI), it inherently possesses an indirect prompt injection surface. If an API returns malicious content, it could potentially influence the agent. However, the risk is mitigated by the restricted command scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:55 AM
Security Audit — agent-trust-hub — feishu-cli-api