feishu-cli-export

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly exports and ingests user-generated Feishu cloud documents and wiki pages (e.g., https://xxx.feishu.cn/docx/ and https://xxx.feishu.cn/wiki/) and its workflow in SKILL.md requires reading the exported Markdown and downloaded images for analysis, so untrusted third-party content can directly influence the agent's interpretation and subsequent actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy values that could provide access.

Flagged:

  • "JKbxdRez1oNWEKxPz14cWMpBnKh" (used twice as a <doc_token> in the export-file examples). This is a random-looking, high-entropy alphanumeric string and is presented as a concrete token value (not a placeholder like <doc_token>), so it meets the definition of a secret.

Ignored / not flagged:

  • FEISHU_APP_ID / FEISHU_APP_SECRET — these are environment variable names (no values provided), so per rule #3 they are ignored.
  • "ABC123def456" (document_id in front matter) — short, low-entropy alphanumeric example; treated as an example/placeholder.
  • "fldcnXXX" (folder token example) — contains obvious "XXX" placeholder pattern; treated as a documentation placeholder.
  • URL patterns with / <node_token>, and other example commands showing angle-bracketed placeholders — documentation placeholders and not concrete secrets.
  • Any simple example passwords/strings are absent or clearly example text and thus ignored.

Therefore at least one real-looking high-entropy token is present (JKbxdRez1oNWEKxPz14cWMpBnKh), so I mark the prompt as containing a secret.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 03:38 AM
  • Issues: 2