feishu-doc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents fetching and reading Feishu cloud documents (e.g., doc.read_content and extracting document_id from URLs like https://xxx.feishu.cn/docx/doccnXXXX), meaning the agent ingests user-generated third-party doc content and can act on it (create/update), which could allow indirect prompt injection.