lark-workflow-meeting-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow's Step 2 explicitly fetches meeting notes from user-provided Lark documents (docs +fetch --doc "<doc_url 或 token>") and vc records, which the agent ingests and then uses to generate summaries and drive messaging actions, meaning user-generated/untrusted content can directly influence its behavior.