lark-workflow-personal-crm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs recording and embedding a "base_token" (shown as --base-token "<base_token>") into CLI/data-query commands, which requires the agent to include secret token values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly scans the user's mailbox and calendar (e.g., "lark-cli mail +messages" and "lark-cli calendar +agenda") and parses email bodies/meeting content to generate interaction summaries, update records, compute follow-up reminders, and send messages, so untrusted external email/calendar content could materially influence agent behavior and downstream actions.