feishu-cli-schema
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute the 'feishu-cli' utility. Access is constrained to specific subcommands ('schema', 'api', 'auth') via the 'allowed-tools' configuration, which limits the scope of command execution to the intended functionality of the tool.
- [EXTERNAL_DOWNLOADS]: The documentation provides a link to the author's official GitHub repository ('github.com/riba2534/feishu-cli') for the installation of the CLI tool. This is a legitimate reference to the vendor's own resource.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external Feishu API responses, creating a surface for indirect prompt injection.
- Ingestion points: Data returned by the 'feishu-cli api' command is processed by the agent.
- Boundary markers: No explicit delimiters or boundary markers are defined to help the agent distinguish between API data and its primary instructions.
- Capability inventory: The skill possesses significant capabilities, including the ability to read local files and perform authenticated network operations against Feishu's infrastructure.
- Sanitization: The skill does not mention any validation or sanitization of the content returned by the external APIs before it is ingested into the context.
Audit Metadata