feishu-doc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to read and list blocks/comments from arbitrary Feishu document URLs (e.g., action "read" on https://xxx.feishu.cn/docx/ABC123def and "list_blocks"/"list_comments"), which are untrusted, user-generated third‑party documents that the agent must interpret and can drive follow-up edits/comments—allowing indirect prompt injection.