Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The script explicitly accepts the Feishu App Secret via a command-line flag and even documents that usage in the help text. Command-line arguments are commonly exposed through process listings, shell history, audit logs, and job runners, so this creates unnecessary credential exposure beyond the skill's core purpose of uploading files.
