lark-workflow-business-advisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests social media/user-generated data as part of its required nightly data-collection (Step 1: "lark-cli base +record-list --table-id '<social_snapshot_table_id>'" from the social-tracker) and then uses that untrusted third-party content to drive analyses and recommendations, so external content can materially influence agent actions.