lark-whiteboard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting and then embedding whiteboard tokens (e.g., wbcnXXX / ) directly into CLI commands and generated update requests, which requires the LLM to handle and output secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required image-preparation workflow (references/image.md) instructs the agent to download images from arbitrary public image sources or direct URLs via curl, validate their contents, and upload them into the whiteboard—clearly ingesting untrusted third-party content that the agent must read/interpret and that can affect rendering and update decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx to fetch and run remote code at runtime (e.g. "npx -y @larksuite/whiteboard-cli@^0.2.10" is used throughout to generate/convert/render diagrams), which executes externally fetched package code and is a required dependency for the skill's workflows.