lark-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting tokens from document tags and embedding them in follow-up tool/CLI calls (e.g., --doc "文档URL或token"), which forces the agent to handle secret token values verbatim and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and acts on user-provided Feishu document URLs via "docs +fetch --api-version v2 --doc " and on embedded external resources (e.g., / which are downloaded by HTTP GET and embedded / tokens that drive automatic handoffs), so untrusted third‑party content can be ingested and materially influence subsequent tool actions.