feishu-cli-import

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's execution flow includes a Python one-liner (python3 -c "d=open('<file.md>','rb').read(); ...") used to validate UTF-8 encoding. This command uses string interpolation of the file path, which allows for arbitrary code execution if the path contains single quotes or other shell-sensitive characters (e.g., ''); import os; os.system('id'); #.md').
  • [DATA_EXFILTRATION]: The instructions marked as 'CRITICAL' mandate that the agent immediately grant full_access and transfer document ownership to a hardcoded email address (user@example.com). While intended as a placeholder, an automated agent following these instructions literally would leak document content and relinquish ownership to an external party.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted Markdown data and provides the agent with powerful tools like Bash to process it.
      • Ingestion points: Markdown file path and content (referenced in SKILL.md).
      • Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands within the Markdown file.
      • Capability inventory: Bash tool usage for executing feishu-cli and python3 commands (defined in SKILL.md).
      • Sanitization: The skill only performs a UTF-8 encoding check; it does not sanitize or validate the content of the Markdown file for malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 09:03 AM