feishu-cli-htmlbox
Warn
Audited by Snyk on Jul 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 该技能运行时会把飞书文档端注入的
window.magic读取到的“当前文档全文/元信息/评论/多维表记录”等内容(外部用户在文档中的自由文本)拼入 LLM 上下文(例如getDocAsMarkdown()→ 传给window.magic.ai),属于“飞书文档中非操作用户选择引入的外部文本”经由文档小程序运行时进入模型。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's HTML templates load and execute remote JavaScript at runtime (e.g. https://cdn.jsdelivr.net/npm/echarts@5/dist/echarts.min.js, https://cdn.jsdelivr.net/npm/echarts-gl@2/dist/echarts-gl.min.js, https://cdn.jsdelivr.net/npm/three@0.128.0/build/three.min.js, https://cdn.jsdelivr.net/npm/echarts-liquidfill@3/dist/echarts-liquidfill.min.js, https://cdn.jsdelivr.net/npm/echarts-wordcloud@2/dist/echarts-wordcloud.min.js) and fetch external map data (e.g. https://cdn.jsdelivr.net/npm/echarts@4.9.0/map/json/china.json, https://geo.datav.aliyun.com/areas_v3/bound/{adcode}_full.json), which are invoked during runtime and are required dependencies that execute remote code or supply external data affecting runtime behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata