Context-Inappropriate Capability
Medium
- Confidence
- 88% confidence
- Finding
- The skill persists a shared Feishu tenant access token to a common file under ../../memory/feishu_token.json, creating cross-skill credential state. If other skills or local users can read that path, they may reuse the bearer token to access Feishu APIs within its validity window, causing privilege leakage and lateral movement across components.
