lark-mail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and processes arbitrary external emails (e.g., via +message, +messages, +thread, +triage, +watch as documented in SKILL.md and references/lark-mail-message.md), and those untrusted, user-generated email bodies are used for LLM analysis and to drive actions like drafting, replying, forwarding, and sending, which could be influenced by prompt-injection in third-party content.