lark-workflow-erp-inventory

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill repeatedly instructs the agent to capture and embed a sensitive "base_token" value into CLI commands (e.g., --base-token "<base_token>"), which requires the LLM to handle and output a secret verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires reading local repository files at runtime (e.g., "../lark-shared/SKILL.md") via the Read tool, and those files (also ../lark-base/references/formula-field-guide.md, ../lark-base/references/lookup-field-guide.md, etc.) directly control authentication/field-creation instructions and thus can influence agent prompts and behavior.