skills/vm0-ai/vm0-skills/lark/Gen Agent Trust Hub

lark

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill interacts with official Lark and Feishu API endpoints including open.feishu.cn and open.larkoffice.com. These are well-known enterprise communication services operated by ByteDance.
  • [COMMAND_EXECUTION]: Uses standard system utilities curl, jq, and date to perform API requests, process JSON data, and manage timestamps for token expiration. These tools are used within their standard functional scope.
  • [DATA_EXFILTRATION]: Manages credentials through environment variables (LARK_APP_ID, LARK_TOKEN), which is a recommended security practice for CLI and automation tools. It also caches temporary session tokens in /tmp/lark_token.json to avoid unnecessary re-authentication.
  • [PROMPT_INJECTION]: The skill processes external data from the Lark API (such as message content and user profiles), which constitutes a surface for indirect prompt injection if the API source contains adversarial content.
      1. Ingestion points: API responses for message history and user metadata (SKILL.md).
      2. Boundary markers: Not implemented in instructions.
      3. Capability inventory: Subprocess calls for network operations via curl (SKILL.md).
      4. Sanitization: Content is structured via jq, but raw text content is not explicitly sanitized for LLM safety.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 12:36 PM