feishu-docs

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages authentication tokens securely. It instructs the creation of configuration files with restricted permissions (chmod 600) and includes internal functions (maskValue and sanitizeText) to automatically redact App IDs and Secrets from any output or error messages.
  • [COMMAND_EXECUTION]: The skill architecture prevents shell injection vulnerabilities by using a JSON-based argument passing system (--args-file). This ensures that user-provided document titles or content are never directly interpolated into shell commands.
  • [EXTERNAL_DOWNLOADS]: Network activity is limited to authorized Feishu/Lark API endpoints. The authentication verification step uses a direct POST request to the official Feishu domain, and temporary files containing secrets for this check are deleted immediately after use.
  • [SAFE]: The skill utilizes the official @larksuiteoapi/node-sdk, minimizing the risk of supply chain attacks compared to using unverified third-party libraries. All file system operations are scoped to the skill's own configuration directory in the user's home folder.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 04:49 PM