Missing User Warnings
Medium
- Confidence
- 80% confidence
- Finding
- The skill encourages creating, reading, and updating Feishu documents over remote HTTP APIs without clearly warning that document contents, file data, and identifiers are transmitted to external Feishu services and may modify user data. In an agent context, this can lead to unintended exfiltration of sensitive business content or unauthorized state-changing actions if users are not explicitly informed and consenting.
