feishu-cli-read

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and install the feishu-cli tool from the author's public GitHub repository (github.com/riba2534/feishu-cli).
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute feishu-cli commands for document export (doc export, wiki export), node retrieval (wiki nodes), and authentication management (auth login, auth status).
  • [DATA_EXFILTRATION]: The skill reads sensitive authentication tokens from the local file system at ~/.feishu-cli/token.json and accesses the FEISHU_USER_ACCESS_TOKEN environment variable to authenticate API requests.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The skill reads untrusted content from external Feishu cloud documents and wiki pages, as well as metadata from knowledge bases (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested document content provided in the skill instructions.
  • Capability inventory: The agent has access to Bash, Read, and Grep tools, allowing it to execute system commands and read files in the /tmp directory where document content is stored.
  • Sanitization: No evidence of sanitization or filtering of the external document content exists before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:48 PM
Security Audit — agent-trust-hub — feishu-cli-read