feishu-integration

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The code contains hard-coded Feishu App credentials, app tokens and specific user IDs/emails, combined with explicit routines that grant "full_access"/administrator roles (automatically adding a named user as collaborator/admin). This constitutes an intentional backdoor-like abuse vector enabling remote takeover of created or existing resources. While there is no obfuscated payload or obvious data exfiltration endpoint, the embedded credentials and automatic admin-granting behavior make this high-risk for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime scripts (e.g., scripts/add_feishu_collaborator.py, create_feishu_app.py, create_feishu_bitable.py) make live requests to the Feishu open API endpoints (https://open.feishu.cn/open-apis/...) and parse user/bitable/role JSON responses (user-generated or vendor-hosted content). The agent reads these responses and uses them to decide actions such as selecting roles, adding collaborators and creating records, which meets the criteria for ingesting untrusted third-party content that can influence tool use.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 28, 2026, 09:39 AM