飞书文档操作-林小满

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Feishu document skill whose read, create, update, overwrite, and delete capabilities match its stated document-editing purpose.

Install this only if you want your agent to work with Feishu documents through the connected Feishu account. Before using write, update_block, or delete_block on important or shared documents, confirm the document token, block ID, target account, and whether version history or backups are available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents destructive actions such as `write` and `delete_block` without clearly warning that they can overwrite or permanently remove existing document content. In an agent setting, this omission increases the chance of accidental data loss because a model or user may invoke these operations without understanding their destructive effect.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal