Feishu Doc Writing

Security checks across malware telemetry and agentic risk

Overview

This is a simple Feishu document-writing guide with disclosed formatting and sharing defaults, not executable behavior.

Safe to install as a writing aid. Before allowing an agent to create or share a Feishu document, confirm the intended recipients, who counts as the boss or group members, and whether any external-facing version needs additional redaction.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger condition is broad enough to match many ordinary requests involving meeting notes, chat summaries, or research writeups, which increases the chance the skill activates when the user did not explicitly intend to use it. Mis-triggering can cause unintended formatting, document creation behaviors, or application of preset permission rules in contexts where they are inappropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal