feishu-e2e-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows typing full URLs containing YOUR_DOC_TOKEN and notes the Feishu bot appid/secret may be "given in chat", which would require the agent to output those secret values verbatim into commands/inputs (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill drives an agent-browser to open Feishu web (https://feishu.cn/next/messenger) and to send/read Feishu document URLs (e.g., https://feishu.cn/docx/YOUR_DOC_TOKEN) and instructs using the feishu_doc tool to read those docs, which are third-party/user-generated content the agent will ingest and interpret, allowing indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime testing steps instruct sending Feishu document URLs (e.g. https://feishu.cn/docx/YOUR_DOC_TOKEN) which the feishu_doc tool will fetch at runtime and inject into the agent's context, therefore external content can directly control prompts.