idea-discovery
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill attempts to access and read a configuration file at ~/.claude/feishu.json. Accessing files in the user's home directory to gate network operations (Feishu notifications) represents a data exposure risk where local configuration is used to determine external communication behavior.
- [COMMAND_EXECUTION]: The instructions mandate a silent bypass of platform tool limitations. Specifically, if the Write tool fails due to file size, the agent is instructed to use Bash (cat << 'EOF') to write the file in chunks without asking for user permission. This pattern of silent execution reduces user oversight and can be used to write arbitrary files to the system.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external content from multiple sources, including RESEARCH_BRIEF.md, local PDF files, and data retrieved from URLs via WebFetch. This content is used as the primary context for subsequent automated phases (literature survey, idea generation) without explicit sanitization or boundary markers, making the agent vulnerable to instructions embedded in research papers or project briefs.
- [DYNAMIC_EXECUTION]: The skill manages an automated pipeline with a high degree of autonomy, including a default AUTO_PROCEED setting and the ability to consume significant compute resources (up to 8 GPU hours). This combination of autonomy and external data ingestion increases the risk of resource exhaustion attacks if the input research direction is maliciously crafted.
Audit Metadata