pdca

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows (e.g., SKILL.md / assets/references/cron-driving.md and feishu-integration.md) explicitly instruct the agent to fetch and parse user-generated content from Feishu (Wiki docs, Bitable records, Sheets and chat messages via feishu_fetch_doc / feishu_bitable_app_table_record.search / feishu_sheet.read / feishu-im-read) and then make decisions and trigger actions (updates, alerts, phase transitions), which clearly exposes the agent to untrusted third‑party user content that can influence tool use.