feishu-cli-attendance

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 该 skill 运行时通过 feishu-cli attendance 调用飞书开放平台的考勤 OpenAPI(如 POST /open-apis/attendance/v1/user_tasks/query.../user_stats_datas/query),LLM 会读取并把飞书返回的“姓名/结果/统计字段”等响应文本放入上下文;这些响应内容属于飞书/第三方系统的外部数据(OUTSIDER)。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 01:55 AM
Issues
1
Security Audit — snyk — feishu-cli-attendance