feishu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill reads user-generated content from Feishu/Lark (e.g., documents via src/doc/actions.ts using client.docx.document.get and documentBlock.list, IM messages via src/im/actions.ts calling /im/v1/messages, and wiki nodes via src/wiki/actions.ts calling /wiki/v2/spaces/get_node), and those untrusted third-party contents are returned and used by the CLI (and could influence follow-up API actions like creating/moving files or adding collaborators), so it clearly exposes the agent to potential indirect prompt injection.