lark-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs extracting file/wiki tokens (obj_token/file_token) and embedding them directly into CLI commands/params (e.g., --params '{"token":"..."}'), which requires the LLM to include secret token values verbatim in generated output — a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated cloud documents (references/lark-doc-fetch.md and references/lark-doc-search.md) and also auto-downloads arbitrary external image/file URLs embedded via markdown (references/lark-doc-create.md and the image/file sections), which the agent is expected to read/interpret and can materially influence subsequent tool actions (search, update, media-download/insert, whiteboard operations).