dingtalk-message

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to collect missing credentials from the user and persist them into config files and to generate scripts/commands that embed/use those credentials, which requires the LLM to receive and could output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and acts on user-generated message content delivered in DingTalk callback bodies (e.g., sessionWebhook / callback fields like text.content, senderStaffId, conversationId) and uses that content to route and decide replies, so untrusted third-party inputs could influence tool use or actions.