Feishu Leave Request

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Feishu leave-request helper that is scoped to collecting confirmed leave details and submitting them through the user's own Feishu app.

Install only if you want an assistant to help submit real Feishu leave requests. Confirm the dates, duration, type, and reason carefully, and use it while signed into the correct Feishu workplace account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description is broad enough to trigger on ordinary conversation about taking time off, which can cause the agent to invoke browser automation in contexts where the user has not clearly asked to submit a leave request. That increases the chance of unintended workflow execution, unnecessary collection of personal HR information, or accidental submission attempts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal