alibabacloud-aes-sysom-os-diagnosis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires collecting a DingTalk webhook URL from the user and then invoking an SDK script with that URL as a literal command argument (embedded verbatim), which forces the LLM to receive and output a secret-like token (access_token) in commands—an exfiltration risk.