feishu-wiki

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Multiple Python scripts (scripts/add_records.py, scripts/list_wiki.py, scripts/read_bitable.py, and scripts/save_to_wiki.py) contain hardcoded APP_ID and APP_SECRET values. Hardcoding sensitive API credentials directly in code is a dangerous practice as it exposes the credentials to anyone with access to the skill files. These should be managed via environment variables or a secure secret management system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data retrieved from external sources (Feishu Wiki and Bitable) that an attacker could potentially control.
    • Ingestion points: scripts/read_bitable.py (reads table records) and scripts/list_wiki.py (reads node titles and metadata).
    • Boundary markers: None identified; the agent is instructed to process the data without explicit delimitation or warnings to ignore embedded instructions.
    • Capability inventory: scripts/save_to_wiki.py and scripts/add_records.py provide the ability to write or modify data on the Feishu platform.
    • Sanitization: No sanitization or validation of the retrieved content is performed before it is presented to the agent.
  • [DATA_EXFILTRATION]: The skill performs network operations using the requests library to open.feishu.cn. While this is core to its functionality, it transmits document contents and table data to a third-party domain not on the standard whitelist. When combined with the file-reading capability in scripts/save_to_wiki.py, this could be used to exfiltrate local file content.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute various local Python scripts to perform its tasks. This execution model relies on the integrity of the provided scripts, which in this case contain hardcoded credentials and interact with external network services.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 03:07 PM