feishu-wiki

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract tokens from URLs and embed those token strings verbatim in JSON tool actions (e.g., "token": "ABC123def", "doc_token": "obj_token"), which requires the LLM to handle and output secret/opaque token values directly, creating an exfiltration risk.