lark-base

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to extract tokens from links (e.g., /base/{token}, wiki obj_token) and use them as CLI arguments like --base-token (or other --file-token), which requires including secret/token values verbatim in generated commands—an exfiltration risk.