lark-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract tokens (e.g., wiki_token, obj_token, file_token) and use them directly in CLI/API parameters/commands, which requires including secret-like token values verbatim in subsequent outputs and is therefore an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated document content and external media URLs (see SKILL.md and references/lark-doc-fetch.md / references/lark-doc-create.md which require using docs +fetch on doc URLs and state <image url="..."/>/<file url="..."/> will be automatically downloaded), and those fetched markdown/media tokens are parsed and used to drive follow-up operations (media-preview/media-download, whiteboard edits), so untrusted third-party content can materially influence agent actions.