lark-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads external user-generated emails (see SKILL.md and references such as references/lark-mail-message.md and +messages/+thread/+triage) and instructs using body_plain_text for LLM analysis and to draft/reply/forward/send actions, so untrusted third‑party content can directly influence tool use and next actions.