feishu-cli-export
Audited by Snyk on May 18, 2026
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and exports user-generated Feishu cloud documents and wiki pages (e.g., URLs like https://xxx.feishu.cn/docx/ and https://xxx.feishu.cn/wiki/) and explicitly reads/interprets the exported Markdown and downloaded images as part of its workflow ("读取导出的 Markdown 文件", "Read /tmp/doc_assets/image_*.png", "整合分析"), so untrusted third‑party content can directly influence agent decisions and actions.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy credentials. Most token-like strings are clearly placeholders (e.g., u-xxx, fldcnXXX, ou_xxx, , <node_token>, feishu://media/) or short/example values and are therefore ignored per the rules.
However, the example doc token "JKbxdRez1oNWEKxPz14cWMpBnKh" (used in the doc export-file examples) is a long, random-looking alphanumeric string that meets the high-entropy criteria and is not annotated as a placeholder. This value could plausibly be a real document token usable to perform an export, so it is flagged.
Ignored/accepted-as-non-secrets:
- document_id: ABC123def456 — short/example-looking value, treated as example (low/medium entropy).
- placeholders like
u-xxx,fldcnXXX,ou_xxx, and angle-bracket tokens (<token>,<node_token>) — documentation placeholders per rules. - environment variable names (
FEISHU_APP_ID/FEISHU_APP_SECRET) — names only, no values provided. - any truncated/replaced values (e.g.,
u-xxx) or obvious examples.
Therefore I mark the presence of at least one high-entropy, direct token-like value.
Issues (2)
Third-party content exposure detected (indirect prompt injection risk).
Secret detected in skill content (API keys, tokens, passwords).