lark-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests and acts on user/third‑party documents (e.g., resolving /wiki/ URLs via wiki.spaces.get_node and reading slide XML with xml_presentations.get and xml_presentation.slide.get as described in SKILL.md and the +replace-slide / edit workflows), and the agent is expected to parse that untrusted XML (block_ids, content) to decide and execute edits, so external/user content can materially influence tool actions.