The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute feishu-cli commands. This is the intended purpose of the skill to provide Feishu integration and management capabilities.
[DATA_EXPOSURE]: The skill manages sensitive Feishu credentials, including app_id, app_secret, and OAuth access/refresh tokens. These are stored locally in ~/.feishu-cli/config.yaml and ~/.feishu-cli/token.json. The instructions correctly specify that these files should have restricted 0600 permissions to prevent unauthorized access by other users on the system.
[INDIRECT_PROMPT_INJECTION]: The skill allows the agent to fetch and process untrusted content from external Feishu APIs (e.g., via search, msg get, or vc notes commands).
Ingestion points: Untrusted data enters the agent context through the stdout of feishu-cli commands that retrieve messages, document content, or search results from Feishu.
Boundary markers: Absent. The skill does not provide instructions for using delimiters or boundary markers to separate retrieved data from the agent's instructions.
Capability inventory: The skill has Bash and Read permissions, enabling it to execute commands and read local files.
Sanitization: No sanitization or validation of the retrieved content is performed before it is presented to the agent.

feishu-cli-auth