feishu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the public Feishu APIs (open.feishu.cn) in scripts like scripts/group_wrapper.py, scripts/cloud_document_wrapper.py and scripts/lark_fast_api.py to retrieve user-generated chat/file metadata (chat IDs, file tokens, import task URLs) and then programmatically uses those values (e.g., to grant permissions), so untrusted third‑party content from Feishu can directly influence the agent's subsequent actions.