feishu-app-create

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It explicitly instructs clicking "查看" to reveal App Secret and then copying/recording those secrets into agents.json (and "直接复制使用"), which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to navigate to and snapshot pages on the public Feishu developer site (e.g., https://open.feishu.cn/app and per-app pages) and to read/interpret dynamic page content (refs, buttons, App ID/Secret) as part of its workflow, which ingests untrusted third‑party content that can materially influence subsequent actions.