feishu-cli-schema

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute the 'feishu-cli' utility. Access is constrained to specific subcommands ('schema', 'api', 'auth') via the 'allowed-tools' configuration, which limits the scope of command execution to the intended functionality of the tool.
  • [EXTERNAL_DOWNLOADS]: The documentation provides a link to the author's official GitHub repository ('github.com/riba2534/feishu-cli') for the installation of the CLI tool. This is a legitimate reference to the vendor's own resource.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external Feishu API responses, creating a surface for indirect prompt injection.
  • Ingestion points: Data returned by the 'feishu-cli api' command is processed by the agent.
  • Boundary markers: No explicit delimiters or boundary markers are defined to help the agent distinguish between API data and its primary instructions.
  • Capability inventory: The skill possesses significant capabilities, including the ability to read local files and perform authenticated network operations against Feishu's infrastructure.
  • Sanitization: The skill does not mention any validation or sanitization of the content returned by the external APIs before it is ingested into the context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:55 AM
Security Audit — agent-trust-hub — feishu-cli-schema