feishu-cli-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read email bodies from the user's Feishu mailbox via commands like mail message, mail messages, and mail triage, and to use that untrusted, user-generated email content when composing replies/forwards (e.g., reply/reply-all attaches the original body), which could allow embedded instructions in emails to influence subsequent actions.