skills/larksuite/cli/lark-sheets/Snyk

lark-sheets

Fail

Audited by Snyk on May 2, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt's examples and CLI usage require inserting tokens like spreadsheet_token, file_token, and wiki_token directly into command-line JSON parameters, which forces the agent to include secret/document tokens verbatim in generated commands/outputs.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 2, 2026, 03:00 AM

Issues

1