duoduo-channel-admin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent/admin to read and act on user-generated channel data (e.g., inbound message snapshots and descriptors/logs such as ~/.aladuo/var/ingress/*, ~/.aladuo/var/channels/<channel_id>/descriptor.md and duoduo channel feishu logs) coming from Feishu/WeChat users, and those untrusted messages and descriptors are used to drive diagnostics and decisions (reset/archive actions), so they could carry indirect prompt-injection content.