lark-workflow-announce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads user-generated group announcement HTML from the Lark API (Step 2: MSYS_NO_PATHCONV=1 lark-cli api GET "/open-apis/im/v1/chats/<chat_id>/announcement") and then uses that content in its workflow (merging/appending and issuing PATCH), so untrusted third-party content is ingested and can influence subsequent actions.