The Agent Skills Directory

[SAFE]: The skill implements secure credential management by using environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) loaded via the dotenv package, avoiding the use of hardcoded secrets.
[COMMAND_EXECUTION]: The main entry point in index.js and the compatibility script send.js use child_process.spawn to execute local scripts. This implementation is secure as it avoids the use of a shell and passes arguments as an array, mitigating command injection risks.
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it retrieves and parses untrusted data from Feishu message logs. 1. Ingestion points: Untrusted message content is retrieved in get.js, list.js, and get_latest_file.js. 2. Boundary markers: The scripts do not use explicit delimiters to wrap retrieved message content before display. 3. Capability inventory: The skill can execute local Node.js scripts, perform network requests to official Feishu endpoints, and manage local files for token caching. 4. Sanitization: Content is extracted from JSON structures and displayed without specific filtering for embedded agent instructions.

feishu-message