feishu-cli-vc
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install a CLI tool from the author's GitHub repository (
github.com/riba2534/feishu-cli). This is a documented dependency from the skill's author and follows standard developer tooling patterns. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to executefeishu-clicommands. These commands are used to search for meetings, fetch summaries, and download transcripts. The usage is constrained to the intended functionality of the tool. - [PROMPT_INJECTION]: As the skill retrieves meeting transcripts and AI-generated summaries from Feishu, it has an inherent surface for indirect prompt injection. This is a common characteristic of skills that process external text data, and the risk is considered low given the primary use case of analyzing user-authorized meeting content.
Audit Metadata