lark-drive

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from document comments and content, creating a potential indirect prompt injection surface.
      • Ingestion points: Document content is fetched via docs +fetch and comments are retrieved via drive file.comments list in SKILL.md.
      • Boundary markers: The instructions do not specify explicit boundary markers for separating data from instructions in the command templates.
      • Capability inventory: The skill utilizes lark-cli for file system writes (via +download, +pull, +export) and network API calls as detailed across several reference files.
      • Sanitization: The skill provides explicit instructions to escape HTML special characters (<, >) when submitting comments to the API to maintain data integrity.
  • [SAFE]: The skill uses lark-cli to interact with Larksuite services. Larksuite is a well-known and established professional software vendor. All operations follow standard API patterns for the platform.
  • [SAFE]: File system operations such as +push, +pull, and +status are explicitly documented to be restricted to the current working directory (CWD), which prevents unauthorized access to sensitive system files outside of the workspace.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 03:07 AM