The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The Python script 'scripts/download_feishu_images.py' employs the 'browser_cookie3' library to programmatically read and extract session cookies from the user's local Chrome browser profile. This enables the skill to make authenticated requests for document assets but exposes the user's browser-wide cookie database to the skill's execution environment.\n- [COMMAND_EXECUTION]: The skill's primary workflow involves injecting a complex JavaScript payload ('scripts/feishu_dom_capture.js') into a live browser session using tools like Browser Use or Chrome DevTools. This script is designed to manipulate the DOM, trigger render events, and perform network fetches within the context of the user's authenticated session. Additionally, the skill utilizes system utilities like 'pbpaste' to transfer extracted data from the clipboard to the local filesystem.\n- [PROMPT_INJECTION]: The skill acts as an ingestion engine for external Feishu document content. Because it processes and converts untrusted DOM data into Markdown for local storage without explicit boundary markers or protection against embedded instructions, it presents an indirect prompt injection surface if the resulting files are used as context for further AI agent tasks.\n- [SAFE]: The skill's network operations target official Feishu and Lark domains (e.g., larkoffice.com, feishu.cn), and its dependencies ('requests', 'browser_cookie3') are well-known libraries consistent with the intended scraping functionality.

feishu-doc-scraper