lark-drive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses user-generated Drive/Wiki content (e.g., drive +search, docs +fetch --detail with-ids to obtain block IDs, wiki.spaces.get_node to resolve wiki nodes, and drive file.comments list) and then uses that content to drive actions (adding comments, selecting tokens, deciding follow-up API calls), so untrusted document/comment content could materially influence tool behavior.