feishu-interactive-cards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill receives and forwards untrusted, user-generated Feishu card callback data (see scripts/card-callback-server.js which sends callback.data/raw_data and action.value to the OpenClaw Gateway, and references/gateway-integration.md showing the agent processes those callbacks), so the agent will read/interpret third-party user content that could enable indirect prompt injection.