mirror of
https://github.com/larksuite/cli.git
synced 2026-07-03 14:02:43 +08:00
feat(skill): add relative-path-only rule to lark-shared security section
lark-cli rejects absolute paths for --file, --output, --output-dir, and @file with 'unsafe file path'. Document this in lark-shared so agents know to use cwd-relative paths or stdin for data input.

Change-Id: I50cf801c2c5d0e3cbb98a76e1752d410518c8636
@@ -123,6 +123,7 @@ lark-cli 命令执行后,如果检测到新版本,JSON 输出中会包含 `_
|
||||
|
||||
## 安全规则
|
||||
|
||||
- **文件路径只接受相对路径**:`--file`、`--output`、`--output-dir`、`@file` 等路径参数只接受 cwd 下的相对路径,传绝对路径会报 `unsafe file path`。数据输入(`@file`、大 JSON)优先用 stdin 传入,避免路径和转义问题。
|
||||
- **禁止输出密钥**(appSecret、accessToken)到终端明文。
|
||||
- **写入/删除操作前必须确认用户意图**。
|
||||
- 用 `--dry-run` 预览危险请求。
|
||||
|
||||
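Review bot: The added bullet under 安全规则 says path arguments accept only relative paths under cwd (cwd 下的相对路径), but the bullet and the commit message only describe absolute paths being rejected with `unsafe file path`; neither says whether a relative path containing `..` that leaves cwd is rejected as well. Agents will treat this bullet as the complete rule, so state the `..` behaviour explicitly. The trailing 等 after `--file`、`--output`、`--output-dir`、`@file` also leaves the affected parameter set open while the commit message names exactly four; either mark the list as exhaustive or say the rule covers every path-taking argument. The stdin recommendation would be easier to act on if it pointed to where stdin input is documented for the commands that accept `@file`.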