feishu-permission-setup

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's runtime script scripts/feishu_scope_publish.js uses Playwright to navigate to and scrape live pages on the public Feishu site (e.g., https://open.feishu.cn/app/${appId}/baseinfo, along with dialogs and rows it reads via dialog.textContent()/row.textContent()). It parses that page text to decide which actions to take (adding/publishing scopes, clicking buttons), so third-party page content can directly influence tool behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 04:38 AM
Issues: 1