feishu-bitable

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and required parameters (e.g., app_token) explicitly place API tokens into JSON/API requests, which would require the LLM to include secret values verbatim in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md and examples) calls feishu_bitable_app_table_field.list and feishu_bitable_app_table_record.list to read fields and records from Feishu Bitable tables (user-generated data) and then acts on that data (constructing writes, deletes, uploads), so it ingests untrusted third‑party/user content that can influence subsequent tool use.