feishu-cli-read
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and install the
feishu-clitool from the author's public GitHub repository (github.com/riba2534/feishu-cli). - [COMMAND_EXECUTION]: Uses the
Bashtool to executefeishu-clicommands for document export (doc export,wiki export), node retrieval (wiki nodes), and authentication management (auth login,auth status). - [DATA_EXFILTRATION]: The skill reads sensitive authentication tokens from the local file system at
~/.feishu-cli/token.jsonand accesses theFEISHU_USER_ACCESS_TOKENenvironment variable to authenticate API requests. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill reads untrusted content from external Feishu cloud documents and wiki pages, as well as metadata from knowledge bases (SKILL.md).
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested document content provided in the skill instructions.
- Capability inventory: The agent has access to
Bash,Read, andGreptools, allowing it to execute system commands and read files in the/tmpdirectory where document content is stored. - Sanitization: No evidence of sanitization or filtering of the external document content exists before it is processed by the agent.
Audit Metadata