lark-workflow-health-diary

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and processes user-submitted Feishu (飞书) messages and images via the im +messages-resources-download flow and then uses AI interpretation of those photos/texts to create records, run analyses, and send reminders (base +record-upsert, base +record-list, im +messages-send, doc +create), so untrusted user-generated content can materially influence agent decisions and tool usage.