The Agent Skills Directory

[PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its core functionality of reading and processing untrusted external content.
Ingestion points: Commands such as feishu doc read, feishu im list, feishu mail get-message, and feishu minutes get bring data from potentially malicious external sources into the agent's context.
Boundary markers: The instructions do not define delimiters or specific system prompts to isolate external content from the agent's core instructions.
Capability inventory: The skill provides high-privilege write and delete capabilities, such as feishu im send, feishu doc write, feishu task delete, and feishu mail send, which an attacker could exploit via injected instructions.
Sanitization: There is no evidence of sanitization or content validation before data is processed by the agent.
[DATA_EXFILTRATION]: The skill grants the agent broad access to sensitive organizational information, including private messages, document contents, contact details, email communications, and administrative audit logs. While this is the intended purpose, the combination of extensive 'read' access and 'send' capabilities (IM/Email) creates a high-risk path for data exfiltration if the agent is manipulated.
[EXTERNAL_DOWNLOADS]: The setup instructions involve cloning the source code from the author's GitHub repository (github.com/d-wwei/feishu-max-saver-skill.git) and installing dependencies via npm install, which executes third-party code. Additionally, some workflows suggest installing the @mermaid-js/mermaid-cli package.
[COMMAND_EXECUTION]: The skill operates entirely through shell command execution of the feishu CLI tool, requiring the agent to have terminal access and sufficient permissions to execute binaries on the local system.

feishu-max-saver