feishu-sticker

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses spawnSync to execute ffmpeg for image conversion and compression. It correctly passes arguments as an array rather than a shell string, which prevents command injection vulnerabilities.
  • [CREDENTIALS_UNSAFE]: Feishu API credentials are retrieved from environment variables, and access tokens are managed via a local JSON cache file, following standard security practices for secret management.
  • [DATA_EXFILTRATION]: All network operations are directed to the legitimate Feishu API domain (open.feishu.cn) to facilitate sticker uploads and messaging functionality.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes standard and well-known Node.js dependencies like ffmpeg-static for its image processing tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 11:29 AM