feishu-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract a doc_token from a URL and include that token verbatim in generated JSON actions (e.g., { "action": "read", "doc_token": "ABC123def" }), which forces the LLM to output resource tokens/credentials directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly extracts doc_token from Feishu URLs (e.g., https://xxx.feishu.cn/docx/ABC123def) and instructs the agent to run read/list_blocks to ingest and interpret Feishu document content (user-generated third-party content) as part of its workflow, so that external document text could materially influence subsequent decisions.