feishu-assistant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes numerous example commands and flags that require embedding tokens/app_tokens (e.g., "bascnXXX", "shtcnXXX", app_secret, user_token) directly as CLI arguments or in generated requests, which encourages the LLM to echo secret values verbatim (an exfiltration risk), even though alternative modes (lark-cli or config files/env) exist.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads user-generated Feishu content (knowledge-base articles, chat messages, emails, sheets, base records) via the Feishu Open API—see SKILL.md/README.md and scripts/feishu_client.py (read-wiki-node/read_mail/get_chat_messages/read_sheet/list-base-records)—and the agent is expected to read and act on that content (sending messages, creating/updating docs/records), so untrusted third-party content can materially influence actions.