feishu-cli-search

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes feishu-cli commands via the Bash tool to perform searches and manage authentication. It reads and writes sensitive User Access Tokens stored in ~/.feishu-cli/token.json.- [EXTERNAL_DOWNLOADS]: The instructions direct the user to download the feishu-cli tool from the vendor's GitHub repository (github.com/riba2534/feishu-cli).- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from Feishu. Ingestion points: Results from document, message, and app searches (SKILL.md). Boundary markers: None provided to separate search results from agent instructions. Capability inventory: Ability to execute shell commands via the Bash tool. Sanitization: No sanitization or escaping of the search results is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:48 PM
Security Audit — agent-trust-hub — feishu-cli-search