lark-whiteboard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract/use whiteboard tokens (e.g., wbcnXXX) and embed them directly into CLI commands and update calls (e.g., +update , --whiteboard-token ), which requires outputting secret values verbatim and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly fetch and ingest external, user-provided web content—e.g., SKILL.md Step 1 instructs using lark-cli docs +fetch --doc <URL> to extract whiteboard tokens from arbitrary document URLs and references/image.md prescribes curl -L -o photo.jpg "<URL>" and uploading downloaded images (then inspecting rendered results), so untrusted third‑party content is read and used to drive subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly runs remote code via npx (e.g. "npx -y @larksuite/whiteboard-cli@^0.2.11"), which is fetched and executed at runtime and is a required dependency for rendering/updates, so it is a high-confidence runtime external dependency that executes remote code.