飞书任务管理增强版

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Feishu task-management skill; its task changes are disclosed and aligned with its purpose, though its trigger wording is broad.

Install this if you want an agent to help manage Feishu tasks. Because it can create, update, complete, and comment on tasks, confirm the target task or list, assignees, due dates, completion state, and comment text before approving changes, especially when the skill activates from broad task-related wording.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger conditions are very broad, matching common words like '任务', '待办', '清单', and 'task' that appear in ordinary conversation. This can cause the skill to activate unexpectedly and perform or suggest task-management actions outside the user's intended scope, increasing the risk of unauthorized or confusing tool use.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal