feishu-docx

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (medium risk: 0.60). Yes — the prompt includes an explicit, out-of-scope instruction telling the agent not to read or analyze the obfuscated scripts (to "avoid wasting token and time"), which functions to hide potentially relevant code and therefore acts like a deceptive/hidden directive outside the skill's stated conversion purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (references/feishu-to-markdown.md and scripts/feishu-to-markdown.js) explicitly fetches and parses online Feishu documents (user-generated/public Feishu content) via the Feishu API using a document_id/tenant_access_token and the agent is expected to read and interpret those document blocks (including callouts, images, and text) as part of conversion logic, so untrusted third-party content can influence actions and processing.