lark-workflow-doc-perm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The workflow requires inserting document tokens and user identifiers directly into generated CLI commands (e.g., --params '{"token":"<file_token>"}'), so if the agent is given those secrets it would include them verbatim in outputs, creating an exfiltration risk.