lark-vc
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It retrieves and processes external content such as meeting summaries, tasks, and document text from the Lark (Feishu) platform via the lark-cli utility. This external content could contain malicious instructions designed to influence the agent's behavior. The skill lacks explicit boundary markers or instructions to ignore embedded commands in the fetched data. Furthermore, the skill has the capability to write to the local file system (e.g., via +media-download and transcript downloads) and execute various API-related commands, which could be exploited if an indirect injection is successful.
- Ingestion points: Meeting transcripts, summaries, and document content retrieved from the Lark API via lark-cli docs +fetch and lark-cli vc +notes.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to treat external content as untrusted.
- Capability inventory: File system writing (e.g., downloading images and transcript files) and network API operations via lark-cli.
- Sanitization: Absent. There is no specified logic for sanitizing or escaping the content retrieved from external sources before it is processed by the agent.
Audit Metadata