feishu-bitable

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill’s examples and tool interface require embedding app_token/file_token values directly in command/JSON parameters (e.g., the python CLI call with "app_token":"S404b..."), which would force an agent to include secret tokens verbatim in its outputs — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and examples show it calling Feishu Bitable APIs (e.g., list_fields and list_records) to fetch user-generated table fields and records from Feishu (a third-party service) which the agent must read and interpret to construct subsequent API calls and actions, so those external, potentially untrusted contents could supply instructions that influence behavior.