feishu-cli-event

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes feishu-cli commands for event management (list, schema, consume, status, stop) and uses jq, tail, and sleep for data processing and synchronization.
  • [EXTERNAL_DOWNLOADS]: References the feishu-cli tool hosted on the author's public GitHub repository (github.com/riba2534/feishu-cli) to enable event subscription capabilities.
  • [DATA_EXFILTRATION]: Authenticates with Feishu servers (open.feishu.cn) using application credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) to establish WebSocket connections. This is a functional requirement for the skill.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the Feishu Open Platform, creating a surface for indirect prompt injection. \n
  • Ingestion points: Real-time event payloads received via WebSocket streams as defined in SKILL.md. \n
  • Boundary markers: Data is structured and output in NDJSON format. \n
  • Capability inventory: The agent utilizes Bash, Read, and Write tools as specified in the skill configuration. \n
  • Sanitization: Filenames for dumped events are sanitized using a allowlist filter ([A-Za-z0-9_-]) to prevent path traversal, although the event content itself is processed as received.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:55 AM
Security Audit — agent-trust-hub — feishu-cli-event