feishu-cli-auth

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands for the feishu-cli utility to handle authentication, application registration, and data retrieval.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages authentication tokens and configuration data stored in ~/.feishu-cli/. These files contain sensitive access and refresh tokens, but the skill instructions specify using restrictive file permissions (0600) to limit access to the local user.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: User-provided strings for search queries and OAuth scope requests are passed as arguments to CLI commands.
  • Boundary markers: None explicitly provided in the skill instructions.
  • Capability inventory: Bash tool execution for all feishu-cli subcommands (e.g., auth, search, config).
  • Sanitization: The skill relies on the underlying feishu-cli tool to sanitize input before interacting with the Feishu API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:49 PM
Security Audit — agent-trust-hub — feishu-cli-auth