feishu-cli-approval
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
feishu-clicommand-line tool to perform operations related to Feishu approvals and authentication. - [EXTERNAL_DOWNLOADS]: The documentation references the author's GitHub repository (
github.com/riba2534/feishu-cli) as the source for obtaining the necessary CLI tool. This is a legitimate vendor resource. - [CREDENTIALS_UNSAFE]: The skill refers to local token storage at
~/.feishu-cli/token.jsonand utilizes standard Feishu authentication flows (Tenant and User tokens). It does not contain hardcoded credentials or unauthorized data harvesting patterns. - [PROMPT_INJECTION]: The skill processes external data from the Feishu API and local JSON form files. While this creates a surface for potential indirect prompt injection if the external content is malicious, the skill itself contains no direct injection patterns or attempts to bypass agent safety filters.
Audit Metadata