lark-im

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-generated chat messages (e.g., via references/lark-im-chat-messages-list.md and references/lark-im-messages-search.md) and its AI usage guidance tells the agent to read, summarize, and act on that content (e.g., send replies via references/lark-im-messages-reply.md), so untrusted third-party message content can materially influence tool actions.