add-feishu

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to collect FEISHU_APP_ID and FEISHU_APP_SECRET from the user and to place them into .env / commands, which requires the model to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's FeishuChannel (add/src/channels/feishu.ts) subscribes to Feishu WebSocket events (im.message.receive_v1) and ingests arbitrary user messages which are stored and passed through the main message loop (modify/src/index.ts -> storeMessage/runAgent) as prompts, so untrusted third‑party content can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill connects at runtime to Feishu APIs (e.g., GET https://open.feishu.cn/open-apis/bot/v3/info and a WSClient to Feishu) and ingests incoming Feishu messages which are forwarded into the agent as prompts, so external content from that URL/service directly controls the agent's input.