feishu-wiki

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded App ID and App Secret detected in multiple script files.
  • Evidence: APP_ID = "cli_a9f6d47ef9fa5cd5" and APP_SECRET = "PCpgD0IvTiVDaIaxY7cn9gzJGcxaubDJ" are explicitly defined in scripts/add_records.py, scripts/list_wiki.py, and scripts/save_to_wiki.py.
  • Risk: These credentials allow full programmatic access to the Feishu application. If shared or leaked, an attacker could read or modify documents and tables within the linked workspace.
  • [DATA_EXPOSURE] (MEDIUM): Hardcoded internal resource tokens and space identifiers.
  • Evidence: BITABLE_APP_TOKEN, TABLE_ID, WIKI_SPACE_ID, and ROOT_NODE tokens are hardcoded in the scripts.
  • Risk: While these are not secrets in the same way as an API key, they expose the specific internal structure and target data locations of the user's workspace.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:13 PM