feishu-cli-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly fetches and exports user-generated Feishu cloud documents and wiki pages via URLs, document IDs or node tokens (using feishu-cli doc export / wiki export) and then uses a Read tool to parse the exported Markdown and images, so untrusted third-party document content can directly influence the agent's analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches Feishu documents at runtime (e.g., https://xxx.feishu.cn/docx/ and https://xxx.feishu.cn/wiki/<node_token>) via feishu-cli export and then reads/injects that fetched Markdown/images into the model for analysis, meaning external document content directly controls the agent's input/context.