lark-drive

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs extracting file/wiki tokens and embedding them directly into lark-cli commands/JSON params (e.g., --params '{"token":"..."}'), so the agent would need to handle and output secret-like token values verbatim, risking exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill automatically resolves and fetches user-generated Feishu wiki/doc URLs and reads document content and comments as part of its workflows (e.g., SKILL.md and references: using wiki.spaces.get_node to resolve wiki URLs, internal locate-doc calls in drive +add-comment, and drive file.comments list/batch_query), so untrusted third-party document/comment content is ingested and can influence subsequent actions like adding comments, reactions, moves or permission changes.