The Agent Skills Directory

[SAFE]: The skill uses the official @larksuiteoapi/node-sdk to interact with Feishu (Lark) APIs, which is the recommended practice for security and stability.
[SAFE]: Authentication is managed through environment variables or a local configuration file, with tokens securely cached. Searching for .env in parent directories is a standard developer convenience for monorepo setups.
[SAFE]: The input_guard.js module provides basic sanitization by removing control characters and validating block structures before submission to the API.
[SAFE]: Network activity is restricted to official Feishu domains (open.feishu.cn, feishu.cn), which are well-known services and exempted from escalation under the trust rules.
[SAFE]: The use of Base64 encoding for cache filenames is a transparent mapping of URLs to filesystem paths and does not constitute malicious obfuscation.

feishu-doc