feishu-notify

Mostly coherent as a Feishu notification helper: push mode is low-risk and uses Feishu's official webhook domain. The main concern is interactive mode, which introduces a personal third-party localhost bridge and returns untrusted human/chat content to other skills, creating medium supply-chain and prompt-injection risk. Overall suspicious but not malicious.