feishu-cli-toolkit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows commands that require passing tokens/credentials as explicit CLI arguments (e.g., , <file_token>, --user-access-token and uses those values directly in generated scripts/loops), which would force the LLM to include secret values verbatim in outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated content from Feishu (see SKILL.md: "11. 搜索" for searching messages, "10. 知识库" for wiki get/export, and "13. 文档附件下载" which uses doc export/wiki export and parses Markdown links) and then parses/acts on that content (extracting tokens, downloading media, importing diagrams), so untrusted third‑party content can materially influence subsequent tool actions.