lark-slides

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting tokens (e.g., wiki obj_token / xml_presentation_id) from API responses and embedding them verbatim into subsequent CLI/JSON parameters (e.g., --params '{"xml_presentation_id":"..."}'), which requires the LLM to handle/output secret or sensitive token values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to call wiki.spaces.get_node and lark-cli slides xml_presentations.get to read wiki nodes and full presentation XML (user-generated content) as part of its workflow (SKILL.md Workflow and Wiki Link handling), which exposes it to untrusted third‑party content that can influence subsequent create/delete actions.