feishu-automation

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documentation in SKILL.md includes instructions for the agent to execute cat ~/.claude.json. This file is a highly sensitive configuration file for the agent, containing API keys and connection details for all configured MCP services. Accessing this file poses a high risk of total credential exposure.
  • [EXTERNAL_DOWNLOADS]: The feishu-mcp-setup.js setup script and SKILL.md use npx to fetch and run the @larksuiteoapi/lark-mcp package. Although this is an official package from a recognized technology provider, it constitutes a remote code download and execution vector.
  • [COMMAND_EXECUTION]: The skill includes several shell scripts (feishu-mcp-setup.sh, feishu-send.sh, md2feishu.sh) and instructions that perform command-line operations, including file system access and interacting with external APIs via curl.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests data from external Feishu sources such as messages, documents, and Bitable records. Ingestion points: SKILL.md, feishu_api.py (get_bitable_records, get_messages, search_docs). Boundary markers: absent. Capability inventory: SKILL.md (Bash, Read, Write, Edit, mcp__lark-mcp_*). Sanitization: absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 05:24 AM