feishu-fetch-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to extract document/resource tokens from HTML and include them verbatim in tool-call JSON (e.g., resource_token, token), which causes secret-like tokens to pass through the LLM's output and risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md requires fetching and parsing user-provided Feishu cloud documents and wiki URLs (doc_id or https://xxx.feishu.cn/wiki/...), ingesting their Markdown content and media tokens and then calling other tools (feishu_doc_media, feishu_wiki_space_node) as part of the required workflow, so untrusted third-party (user-generated) content could influence parsing and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill fetches and returns remote Feishu documents at runtime (e.g., https://xxx.feishu.cn/docx/Z1FjxxxxxxxxxxxxxxxxxxxtnAc and https://xxx.feishu.cn/wiki/ABC123), injecting that Markdown content into the agent context so external content could directly control prompts.