feishu-im-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes fetching Feishu (飞书) chat history—"fetch group/DM messages, thread replies, and download attached files/images" and the "读取消息历史" tool_action—so the agent will ingest untrusted, user-generated messages from public/third-party chats which could contain instructions that influence behavior.