happycapy-feishu
Fail
Audited by Snyk on Mar 21, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the user to "send the App ID and App Secret to you" ("把 App ID 和 App Secret 发给你") and then instructs Claude to embed those values verbatim into commands/config files (e.g., -a <APP_ID> -s <APP_SECRET>, curl), which requires the LLM to handle secrets in its output.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow (steps 3.1–3.4) requires the user to open the Authorization URL on https://open.feishu.cn, paste back the browser callback URL (third‑party/user-provided), and then the agent is instructed to curl that user-supplied callback URL to complete OAuth—i.e. it ingests untrusted third‑party/user-provided content that directly affects authentication and subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs "npx -y @larksuiteoapi/lark-mcp" at runtime (e.g., registration, login, whoami), which fetches and executes remote npm package code that the skill depends on for operation, so this external runtime dependency is flagged: npx -y @larksuiteoapi/lark-mcp.
Issues (3)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata