lark-sheets

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and CLI usage require inserting/using file_token/spreadsheet_token/wiki_token values directly in command parameters (e.g., --params '{"spreadsheet_token":"<spreadsheet_token>"}'), which implies the agent would need to handle and output secret tokens verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary spreadsheet and wiki URLs (see references/lark-sheets-read.md and references/lark-sheets-info.md) and reads/uses cell contents from those user-generated cloud documents as part of find/read/replace/export/write workflows, so untrusted third-party content can influence subsequent tool actions.