lark-mcp
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly search and read user-generated Feishu documents and chat messages (e.g., tools docx_builtin_search + docx_v1_document_rawContent in reference/documents.md and im_v1_message_list in reference/messages.md), meaning the agent ingests third-party user content that can materially influence actions (summaries, message construction, table updates), exposing it to indirect prompt-injection risk.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).