feishu-doc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes runtime operations that fetch and read user-generated Feishu cloud documents (e.g., doc.read_content, doc.list_blocks, and extracting document_id from https://xxx.feishu.cn/docx/...), and those fetched doc/wiki contents are then used by the agent and can drive updates/decisions (e.g., update_block_text), so untrusted third-party document content could indirectly inject instructions.