lark-workflow-content-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the workflow's "话题研究" Step 1 explicitly instructs the agent to search public search engines, technical communities and user discussions (and store "研究来源" URLs), meaning the agent will fetch and read untrusted third‑party web content that can influence evaluation and task-creation decisions.