feishu-cli-bitable
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute feishu-cli commands for managing Feishu Bitable resources such as tables, fields, and records. This is the intended and documented purpose of the skill.
- [DATA_EXFILTRATION]: The skill manages sensitive identifiers and authentication tokens (base_token, app_token) as command-line arguments. While these are sensitive, the skill handles them as required parameters for the CLI tool and uses placeholders in examples.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-supplied inputs (e.g., table names, record values) are interpolated into shell commands via the Bash tool. * Evidence Chain: 1. Ingestion points: User-provided values for --name, --config, and --base-token parameters. 2. Boundary markers: None explicitly defined. 3. Capability inventory: Utilizes Bash, Read, and Write tools. 4. Sanitization: No explicit sanitization of input data is described within the skill instructions.
Audit Metadata