The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a bundled script scripts/feishu-send to manage communication with the Feishu API. It safely uses python3 for JSON formatting and cryptographic signing via heredocs, passing data through environment variables to avoid shell injection.
[EXTERNAL_DOWNLOADS]: The script makes network requests to open.feishu.cn, a well-known service (Lark/Feishu), to obtain authentication tokens and upload messages or files. These operations are essential for the skill's primary purpose and target an official endpoint.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted content (messages, titles, and file data) for delivery to an external service.
Ingestion points: Data enters the process via the scripts/feishu-send script through environment variables populated from the agent's context (e.g., MESSAGE, TITLE, BODY).
Boundary markers: The instructions do not define clear delimiters or warnings to prevent the agent from following instructions embedded in the data it is sending.
Capability inventory: The skill possesses network access via curl and file system read capabilities for file uploads.
Sanitization: The script correctly utilizes json.dumps within its Python blocks to ensure that all data is properly escaped before being included in API payloads, preventing technical injection into the Feishu platform.

send-feishu