feishu-cli-wiki
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill's CLI examples and workflows require embedding node_token/document_token values directly into generated commands (e.g., feishu-cli wiki get <node_token>), which forces the agent to output user-provided tokens verbatim and therefore poses a secret-exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and exports user-generated Feishu/Lark wiki content (e.g., via URLs like https://xxx.feishu.cn/wiki/ and the feishu-cli wiki export/get commands) and instructs the agent to read and analyze the resulting Markdown and images, so untrusted third-party content could indirectly inject instructions.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill prompt looking for literal, high-entropy values that could be usable credentials.
- Flagged: The string "WvHQwCaDKiJZAjkm354cvZNjnxd" (used in the example "feishu-cli wiki get WvHQwCaDKiJZAjkm354cvZNjnxd") is a high-entropy, random-looking literal token and not a placeholder. It appears to be a node token and could be a usable credential, so it is treated as a potential secret.
- Ignored: All occurrences of angle-bracket placeholders such as <node_token>, <space_id>, <document_token>, and examples like <node_token_1> are documentation placeholders and intentionally ignored. Long numeric IDs (e.g., 7123456789012345678, 7540365701802885139) are identifiers, not high-entropy secrets, so I did not flag them. No PEM blocks, API key prefixes (sk-...), or other obvious real credentials were present.
Conclusion: one high-entropy literal token found (WvHQwCaDKiJZAjkm354cvZNjnxd). If this example is intentionally fictional, it should be replaced with a clear placeholder (e.g., YOUR_NODE_TOKEN) to avoid accidental leaks.
Audit Metadata