feishu-cli-search
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
feishu-clicommands via the Bash tool to perform searches and manage authentication. It reads and writes sensitive User Access Tokens stored in~/.feishu-cli/token.json.- [EXTERNAL_DOWNLOADS]: The instructions direct the user to download thefeishu-clitool from the vendor's GitHub repository (github.com/riba2534/feishu-cli).- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from Feishu. Ingestion points: Results from document, message, and app searches (SKILL.md). Boundary markers: None provided to separate search results from agent instructions. Capability inventory: Ability to execute shell commands via the Bash tool. Sanitization: No sanitization or escaping of the search results is implemented.
Audit Metadata