lark-base

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires extracting tokens (wiki.obj_token / base-token) and inserting them directly into CLI commands (e.g., --base-token, --params '{"token":"..."}'), which forces the LLM to handle and emit secret token values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and interpret user-generated content—e.g., the "Wiki 链接特殊处理" section requires calling "lark-cli wiki spaces get_node" to resolve /wiki/... links and to use node.obj_token, and many workflows mandate calling +table-list / +field-list / +record-list / +workflow-get to read table/field/record/workflow content that the agent must parse to build formulas and commands, so untrusted third-party content can materially influence subsequent actions.