Skills
skills/shaun-z/auto-claude-code-research-in-sleep/feishu-notify/Gen Agent Trust Hub

feishu-notify

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to send HTTP POST requests for notifications and cat to read its configuration file at ~/.claude/feishu.json.
  • [EXTERNAL_DOWNLOADS]: Communicates with remote Feishu API endpoints and user-configured bridge servers to deliver messages and poll for responses.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present in the interactive mode workflow. 1. Ingestion points: Remote user input is retrieved via the poll endpoint of the $BRIDGE_URL specified in SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are used when processing the polled data. 3. Capability inventory: The skill uses curl and cat and facilitates data transfer between remote endpoints and other agent skills. 4. Sanitization: The skill does not perform validation or sanitization on the data received from the external bridge before returning it to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:39 AM
Security Audit — agent-trust-hub — feishu-notify