feishu

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The CLI examples require passing tokens/IDs as command-line arguments (e.g., --file-token, --chat-id), which would force the agent to insert secret/token values verbatim into generated commands, risking secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and processes user-generated content from Feishu chats and cloud documents—e.g., MessageManageWrapper.list_messages / get_message_content, MessageManageWrapper.get_message_resource (used by FileCollectorBot), CloudSpaceWrapper.list_comments, and DocBlockWrapper.list_blocks—which the bot reads and uses to make decisions (confirmations, downloading files, matching comments to document blocks) and to drive downstream tool execution (launching Claude with the downloaded workdir), so untrusted third-party content can materially influence actions.