feishu-cli-plantuml
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. Ingestion points: Processes natural language descriptions from the user via the argument-hint parameter in SKILL.md. Boundary markers: No delimiters or specific ignore instructions are used to wrap user-provided data. Capability inventory: The skill is granted Bash, Read, and Write permissions, which could be abused if the agent is manipulated by malicious input. Sanitization: No input validation or sanitization logic is implemented in the instructions.
- [NO_CODE] (SAFE): The skill files consist entirely of Markdown documentation and templates; no executable scripts, binaries, or package dependencies are provided.
Audit Metadata