The Agent Skills Directory

[PROMPT_INJECTION]: Indirect prompt injection vulnerability identified. The skill ingests untrusted data from external Feishu documents that could contain instructions meant to override agent behavior.
Ingestion points: Document content is fetched via lark-cli docs +fetch as described in SKILL.md.
Boundary markers: No delimiters or protective instructions are present to prevent the agent from obeying commands embedded within the fetched paper content.
Capability inventory: The skill possesses write capabilities including document modification (lark-cli docs +update) and adding comments (lark-cli drive +add-comment).
Sanitization: There is no evidence of sanitization or validation of the document content before it is processed by the LLM or used in CLI command parameters.
[COMMAND_EXECUTION]: The skill uses a command-line interface (lark-cli) to perform document operations. It constructs commands using data derived from the paper and model-generated feedback, which creates a risk of command injection if the underlying execution platform does not properly sanitize shell arguments.

feishu-paper-reviewer