feishu-cli-event
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes
feishu-clicommands for event management (list,schema,consume,status,stop) and usesjq,tail, andsleepfor data processing and synchronization. - [EXTERNAL_DOWNLOADS]: References the
feishu-clitool hosted on the author's public GitHub repository (github.com/riba2534/feishu-cli) to enable event subscription capabilities. - [DATA_EXFILTRATION]: Authenticates with Feishu servers (
open.feishu.cn) using application credentials (FEISHU_APP_IDandFEISHU_APP_SECRET) to establish WebSocket connections. This is a functional requirement for the skill. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the Feishu Open Platform, creating a surface for indirect prompt injection. \n
- Ingestion points: Real-time event payloads received via WebSocket streams as defined in SKILL.md. \n
- Boundary markers: Data is structured and output in NDJSON format. \n
- Capability inventory: The agent utilizes
Bash,Read, andWritetools as specified in the skill configuration. \n - Sanitization: Filenames for dumped events are sanitized using a allowlist filter (
[A-Za-z0-9_-]) to prevent path traversal, although the event content itself is processed as received.
Audit Metadata