Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The script explicitly documents a `token` command for debugging that returns the raw Feishu tenant access token. Printing bearer tokens to stdout is dangerous because they can be captured by terminal logs, shell history wrappers, CI logs, or other tooling and then reused to access Feishu APIs as the tenant.
