lark-mail
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads external, user-generated email content (e.g., via the +message, +messages, +thread, +triage and +watch shortcuts and the GET mail APIs), which the SKILL.md describes as untrusted input and instructs LLMs to analyze (e.g., "let the LLM analyze body_plain_text and generate a grouped summary"), so third-party email content can materially influence agent decisions and tooling actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata