feishu-channel
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill receives and processes arbitrary user-generated Feishu messages via a public Webhook subscription (see SKILL.md "配置事件订阅" ["Configure event subscription"], which subscribes to im.message.receive_v1, and "接收消息 (Webhook Event)" ["Receive messages (Webhook Event)"] → converted OpenClaw format). The agent reads and acts on these messages, so untrusted third-party content can influence its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill depends on Feishu's runtime webhook/API (e.g., https://open.feishu.cn/open-apis/im/v1/messages and the open.feishu.cn platform) to receive user messages that are injected into the agent's prompts, so external content from that URL directly controls agent instructions at runtime.
Audit Metadata