wecom-cs-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted, user-generated messages from external users via the 企业微信 webhook (see SKILL.md wecom callback and payload.Event.Content) which are read by handle_message and workflows/answer_question.py and then fed into KB search and LLM prompts to generate replies or trigger escalation, so third‑party content can materially influence tool use and next actions.