dingtalk-workflow-content-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., "Step 2: 并行研究" and notes "研究阶段使用 WebSearch 获取更广泛的话题动态" and saved research records with "研究来源":"https://...") explicitly instructs the agent to fetch and ingest open web content (WebSearch/public URLs) which the agent then uses to evaluate and generate plans, allowing untrusted third-party content to influence actions.