feishu-channel

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. The skill provides a message bridge that accepts input from external Feishu users and processes it through the agent without sufficient sanitization or instruction boundaries.
  • [PROMPT_INJECTION]: Ingestion point: The scripts/feishu-webhook.js file implements a Webhook listener at the /webhook/feishu endpoint that accepts POST requests containing user-generated message content from the Feishu platform.
  • [PROMPT_INJECTION]: Boundary markers: The message payload is forwarded to the OpenClaw Gateway as a JSON object, but it is not wrapped in specific delimiters or accompanied by instructions to the LLM to ignore potentially malicious commands embedded in the user text.
  • [PROMPT_INJECTION]: Capability inventory: The skill is configured in SKILL.md to have access to several high-privilege tools, including Bash and file system operations (Read, Write, Edit), making it a potential target for exploitation via indirect injection.
  • [PROMPT_INJECTION]: Sanitization: Although the script parses the message from JSON and removes @mention tokens, it performs no filtering or validation to detect or block prompt injection patterns within the message text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 07:04 PM