feishu-doc-converter

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third-party webpages (e.g., url_to_md and _wechat_to_md, which fetch mp.weixin.qq.com articles, and SKILL.md's "外部链接 → Markdown" ("External link → Markdown") flow), and it instructs the agent to use browser.open/browser.extract_text or wechat-article-fetcher to read arbitrary URLs. The agent will therefore read untrusted, user-generated web content as part of its workflow and could be exposed to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill fetches external documents at runtime (e.g., Feishu API endpoints via config['FEISHU_API_DOMAIN'] such as https://feishu.cn/open-apis/... and external articles like https://mp.weixin.qq.com/s/xxx) and returns that content as Markdown, which can be injected into an agent's context and thus potentially control its prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 02:24 AM