feishu-cli-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and export arbitrary Feishu cloud documents and wiki content (e.g., via URLs like https://xxx.feishu.cn/docx/ and https://xxx.feishu.cn/wiki/) and to read/interpret the resulting Markdown and images with the Read tool, meaning it ingests untrusted, user-generated third‑party content that can influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and imports remote Feishu documents at runtime via URLs like https://xxx.feishu.cn/docx/ and https://xxx.feishu.cn/wiki/ (using feishu-cli export and then reading the Markdown/images into the agent), so external document content is injected into the agent context and can directly control prompts/outputs.