feishu-cli-okr

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the feishu-cli repository on GitHub (github.com/riba2534/feishu-cli) for installation instructions. This repository is maintained by the skill's author.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute feishu-cli commands. Usage is restricted to the okr:* namespace as defined in the skill's allowed-tools configuration.
  • [PROMPT_INJECTION]: The skill processes external data retrieved from Feishu APIs, which presents a surface for indirect prompt injection.
  • Ingestion points: Data retrieved via feishu-cli okr cycle list and feishu-cli okr progress list commands is incorporated into the agent's context.
  • Boundary markers: The instructions do not define specific boundary markers for the retrieved data.
  • Capability inventory: The agent's capabilities are scoped to Bash execution of feishu-cli okr:* and file reading.
  • Sanitization: The skill does not explicitly detail sanitization procedures for the data retrieved from the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:55 AM
Security Audit — agent-trust-hub — feishu-cli-okr