feishu-cli-htmlbox
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's HTML templates reference and download JavaScript libraries (such as ECharts, Three.js, and echarts-gl) and GeoJSON map data from the jsDelivr CDN (cdn.jsdelivr.net), which is a well-known service provider.
- [COMMAND_EXECUTION]: The skill employs feishu-cli for document block operations and agent-browser to locally verify generated HTML content through a shell script before the content is uploaded to Feishu.
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface in the documentation for the window.magic API, where document content is ingested for processing by AI models.
- Ingestion points: Document content is retrieved using the window.magic.getDocAsMarkdown() method as described in references/window-magic.md.
- Boundary markers: The provided documentation examples do not include specific delimiters or instructions to prevent the AI from following commands embedded within the retrieved document text.
- Capability inventory: The skill possesses capabilities to modify Feishu documents, send messages, and execute local browser commands.
- Sanitization: The provided developer examples do not demonstrate explicit sanitization or filtering of the retrieved document content before it is processed.
Audit Metadata