feishu-send-file

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt contains examples and usage patterns that embed secrets (app_id/app_secret) verbatim in curl request bodies and as CLI arguments (e.g., ./scripts/send-file.sh <app_id> <app_secret> and the tenant_access_token curl -d with app_secret). An agent generating those commands would need to output the secret values directly, which creates exfiltration risk even though the instructions recommend env vars.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 03:57 PM