feishu-cli-approval

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the feishu-cli command-line tool to perform operations related to Feishu approvals and authentication.
  • [EXTERNAL_DOWNLOADS]: The documentation references the author's GitHub repository (github.com/riba2534/feishu-cli) as the source for obtaining the necessary CLI tool. This is a legitimate vendor resource.
  • [CREDENTIALS_UNSAFE]: The skill refers to local token storage at ~/.feishu-cli/token.json and utilizes standard Feishu authentication flows (Tenant and User tokens). It does not contain hardcoded credentials or unauthorized data harvesting patterns.
  • [PROMPT_INJECTION]: The skill processes external data from the Feishu API and local JSON form files. While this creates a surface for potential indirect prompt injection if the external content is malicious, the skill itself contains no direct injection patterns or attempts to bypass agent safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:34 AM
Security Audit — agent-trust-hub — feishu-cli-approval