feishu-cli-read

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes Bash commands by directly interpolating user-supplied arguments such as <document_id>, <node_token>, and <url>, for example in feishu-cli doc export <document_id>. This creates a significant risk of command injection if a user provides input containing shell metacharacters like semicolons or pipes.
  • [DATA_EXFILTRATION]: The skill instructions specify accessing sensitive authentication materials, including environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) and local configuration files (~/.feishu-cli/token.json) that contain user and app access tokens.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data from external Feishu documents and images.
      1. Ingestion points: Document text and assets exported to /tmp/feishu_doc.md and /tmp/feishu_assets/.
      2. Boundary markers: No delimiters or protective instructions are used to distinguish external document content from the agent's system instructions.
      3. Capability inventory: Access to the Bash tool for command execution and the Read tool for file access.
      4. Sanitization: There is no evidence of sanitization or validation performed on the document content before it is read by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill refers users to download the feishu-cli tool from the author's GitHub repository (riba2534/feishu-cli). This is documented as a neutral dependency reference for the vendor's own tool.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 11, 2026, 06:23 PM