feishu-cli-import

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions include a 'CRITICAL' block that mandates the agent to 'immediately' perform permission-altering actions after document creation. This pattern attempts to override the agent's default operational flow and force the execution of sensitive commands without explicit user confirmation for each instance.
  • [DATA_EXFILTRATION]: The skill directs the agent to grant 'full_access' and transfer ownership of all newly created documents to a hardcoded email address ('user@example.com'). This represents a significant data exfiltration risk, as user-created documents would be automatically shared with an external party.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute 'feishu-cli' and 'python3' commands. These operations involve interpolating user-provided file paths into shell command lines, which presents a risk of command injection.
  • [EXTERNAL_DOWNLOADS]: The skill depends on an external CLI tool ('feishu-cli') and provides instructions to download it from a third-party GitHub repository ('github.com/riba2534/feishu-cli').
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) due to its processing of untrusted external files with high-privilege tools.
  • Ingestion points: Markdown files are read and processed to create document content.
  • Boundary markers: There are no identified delimiters or instructions to prevent the agent from following commands that might be embedded within the Markdown files.
  • Capability inventory: The 'feishu-cli' tool has extensive permissions, including document creation, permission management, and ownership transfer.
  • Sanitization: No sanitization or content validation is performed on the Markdown data before it is sent to the Feishu API.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 01:49 PM
Security Audit — agent-trust-hub — feishu-cli-import