feishu-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and scopes.json explicitly require subscribing to Feishu event im.message.receive_v1 and grant im:message:readonly, so the agent ingests untrusted, user-generated Feishu messages (from the Feishu platform) that it will read and act on, enabling potential indirect prompt injection.