feishu-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/list_wiki.py and scripts/read_bitable.py) call Feishu/Open-APIs to fetch wiki nodes, pages and Bitable records—which are user-generated/untrusted third-party content—and the agent reads and acts on that content (listing directories, deriving app/table tokens, selecting tables and records) as part of its required workflow, allowing embedded instructions to influence subsequent behavior.