feishu-doc-reader
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content fetched from external Feishu documents. This creates an attack surface for indirect prompt injection where malicious instructions embedded in a document (text, tables, or metadata) could attempt to influence the agent's behavior.
- Ingestion points: External data enters the agent context from Feishu documents (
docx,doc,sheets) via API calls. - Boundary markers: The instructions do not define specific delimiters or instructions to the agent to ignore embedded commands within the fetched document content.
- Capability inventory: The skill has the capability to execute shell scripts (
scripts/read_doc.sh,scripts/get_blocks.sh), run Python scripts, and perform network requests to the Feishu API. - Sanitization: There is no evidence of content sanitization or validation of the document data before it is presented to the agent.
Audit Metadata