feishu-im-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly exposes the agent to user-generated Feishu chat content—e.g., "读取群聊/私聊历史消息" and the message.history tool (with file/image download) which ingests other users' messages/files that could contain untrusted instructions.