feishu-doc-scraper

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill injects and runs scripts (scripts/feishu_dom_capture.js and the SKILL.md workflow) that read and interpret live Feishu document pages and SSR HTML (including image URLs from internal-api-drive-stream.* via scripts/download_feishu_images.py), using the page DOM/TOC/word counts to drive clicks, extraction, and follow-up actions—so it clearly consumes untrusted, user-generated third-party content at runtime which could carry indirect prompt-injection instructions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 11:35 PM
Issues
1
Security Audit — snyk — feishu-doc-scraper