design-lark-chart

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests user-provided Feishu (飞书) document URLs and "先读文档,抽语义" ("read the document first, extract its semantics") as part of its mandatory workflow (see the "什么时候触发" ("when to trigger") section in SKILL.md and the pipeline's input list). Untrusted, user-generated document content is therefore read and directly drives planning and rendering decisions, creating an indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The npx invocation "npx -y @larksuite/whiteboard-cli@^0.2.0" was flagged because the skill explicitly runs npx at runtime to fetch and execute the @larksuite/whiteboard-cli package (remote npm code execution), and the skill relies on that tool for its required checks and conversions.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 14, 2026, 08:34 AM
  • Issues: 2