Context-Inappropriate Capability
High
- Confidence
- 98% confidence
- Finding
- The skill explicitly requires printing live `tenant_access_token`, `file_token`, `ticket`, `doc_url`, and `doc_token` in user-visible output and logs. These artifacts are not necessary for the user-facing purpose of generating and uploading a report, and exposing them can enable unauthorized access, replay, document discovery, or abuse of the connected Feishu workspace.
