feishu-doc-writer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The spec's examples and API call templates require embedding credentials (tenant_access_token, app_id, app_secret, etc.) directly into request headers or bodies (e.g., Authorization: Bearer <tenant_access_token> and JSON with app_secret), which would force the LLM to output secret values verbatim when constructing requests or commands.