lark-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs extracting file/wiki tokens (obj_token/file_token) and embedding them directly into CLI commands/params (e.g., --params '{"token":"..."}'), which requires the LLM to include secret token values verbatim in generated output — a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes user-provided Lark/Feishu document content (see references/lark-doc-fetch.md and SKILL.md which instruct using docs +fetch on arbitrary doc URLs or tokens, and handling returned Markdown and / tags), so untrusted, user-generated content is read and can drive follow-up actions (media-download, docs +update, whiteboard operations), enabling indirect prompt-injection risks.