lark-whiteboard-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting and then directly embedding Lark "whiteboard" tokens into CLI commands (e.g., --whiteboard-token ) and to "直接使用" provided tokens, which requires the LLM to handle and output secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "第一步：获取画板 Token" workflow explicitly instructs running lark-cli docs +fetch --doc <URL> --as user to read a document URL and extract a whiteboard token, meaning the agent will fetch and parse arbitrary user-provided/public document content (untrusted) and act on the results (e.g., upload/overwrite a board), which enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs an external CLI package at runtime (e.g. via "npx -y @larksuite/whiteboard-cli@^0.2.0" and the suggested "npm install -g @larksuite/whiteboard-cli@^0.2.0"), which will fetch and execute remote code and is described as a required dependency for normal operation, so it presents a runtime code-execution risk.