skills/larksuite/cli/lark-base/Snyk

lark-base

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to extract tokens/file_tokens from links and place them directly into CLI flags (e.g., --base-token, --token), which requires the LLM to include secret/resource tokens verbatim in generated commands—an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 8, 2026, 03:03 AM

Issues

1