daily-report
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/create_feishu_doc.pyusessubprocess.runto invoke an external Python script (md_parser.py) located in a separate skill directory (~/.agents/skills/feishu-doc-orchestrator/). - [CREDENTIALS_UNSAFE]: The skill is designed to read sensitive local configuration files, specifically
~/.openclaw/.envand~/.claude/feishu-config.env, to retrieve Feishu API authentication credentials (FEISHU_APP_ID,FEISHU_APP_SECRET). - [DATA_EXFILTRATION]: The skill retrieves local credentials and transmits data to a configurable API domain. Additionally, a hardcoded absolute file path in
scripts/generate.py(/Users/delta/.openclaw/workspace) exposes internal system information, including a local username and directory structure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its news gathering workflow.
- Ingestion points: External news content gathered via
web_searchandweb_fetchtools. - Boundary markers: None identified in the report formatting templates to delimit untrusted news content.
- Capability inventory: Shell command execution via
subprocess.runinscripts/create_feishu_doc.py, local file system writes inscripts/generate.py, and authenticated network requests inscripts/create_feishu_doc.py. - Sanitization: The
clean_cell_contentfunction inscripts/create_feishu_doc.pyremoves zero-width characters and Byte Order Marks from processed text.
Audit Metadata