feishu-cli-htmlbox

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's HTML templates reference and download JavaScript libraries (such as ECharts, Three.js, and echarts-gl) and GeoJSON map data from the jsDelivr CDN (cdn.jsdelivr.net), which is a well-known service provider.
  • [COMMAND_EXECUTION]: The skill employs feishu-cli for document block operations and agent-browser to locally verify generated HTML content through a shell script before the content is uploaded to Feishu.
  • [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface in the documentation for the window.magic API, where document content is ingested for processing by AI models.
  • Ingestion points: Document content is retrieved using the window.magic.getDocAsMarkdown() method as described in references/window-magic.md.
  • Boundary markers: The provided documentation examples do not include specific delimiters or instructions to prevent the AI from following commands embedded within the retrieved document text.
  • Capability inventory: The skill possesses capabilities to modify Feishu documents, send messages, and execute local browser commands.
  • Sanitization: The provided developer examples do not demonstrate explicit sanitization or filtering of the retrieved document content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 10:39 AM
Security Audit — agent-trust-hub — feishu-cli-htmlbox