lark-workflow-form-builder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill prompt includes explicit command examples that pass API tokens as command-line arguments (--base-token "<base_token>") and instructs asking/using a base_token, which requires the LLM to handle or embed secret values verbatim (high exfiltration risk).