The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute various feishu-cli commands for interacting with the Feishu API. It also uses python3 for a localized timestamp calculation to filter message history. These operations are aligned with the skill's primary purpose.
[PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8) because it retrieves and processes untrusted data (chat messages) while maintaining powerful administrative capabilities.
Ingestion points: External data from Feishu chats enters the agent's context through tools like feishu-cli msg history, feishu-cli msg get, and feishu-cli search messages as described in SKILL.md.
Boundary markers: The instructions do not define clear delimiters (e.g., XML tags or specific markdown blocks) to isolate message content or advise the agent to ignore instructions embedded within the retrieved messages.
Capability inventory: The skill provides the agent with the ability to delete chat groups (chat delete), remove members (chat member remove), and delete messages (msg delete) based on the data it processes.
Sanitization: There is no documentation of sanitization or filtering of the message body before it is presented to the LLM for summarization or analysis.

feishu-cli-chat