feishu-cli-export
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes feishu-cli via the Bash tool to perform document exports and media downloads.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Ingestion points: Document content from Feishu read into the agent context via the Read tool. Boundary markers: Absent in the provided instructions. Capability inventory: Access to Bash and Read tools. Sanitization: No sanitization of document content is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill documentation points to the feishu-cli repository on GitHub, which is a well-known service and belongs to the skill author.
- [CREDENTIALS_UNSAFE]: Credential management for Feishu API access relies on environment variables and local configuration files, following standard secure practices for CLI tools.
Audit Metadata