feishu-cli-sheet

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes untrusted content from external spreadsheets.
      • Ingestion points: feishu-cli sheet read, sheet read-plain, and sheet read-rich in SKILL.md.
      • Boundary markers: None. The instructions do not define delimiters or warn the agent to ignore instructions embedded within the spreadsheet data.
      • Capability inventory: The skill has powerful write and administrative capabilities, including sheet write, sheet delete-sheet, sheet delete-rows, and sheet protect.
      • Sanitization: No sanitization or validation logic is described for the incoming spreadsheet data.
      • Risk: An attacker could place malicious instructions in a spreadsheet that, when read by the agent, cause it to delete data, leak information, or perform unauthorized administrative actions.
  • Command Execution (HIGH): The skill relies on the Bash tool to execute feishu-cli commands.
      • Evidence: Multiple examples in SKILL.md show the agent interpolating JSON strings directly into shell commands (e.g., --data '[["姓名","年龄"]]').
      • Risk: If the agent interpolates untrusted data from a user or a spreadsheet into these bash arguments without perfect escaping, it could lead to command injection on the host environment.
  • Unverifiable Dependencies (MEDIUM): The skill requires feishu-cli to function.
      • Evidence: Referenced throughout SKILL.md and required for all operations.
      • Risk: feishu-cli is not a listed trusted source. Running unverified binaries or scripts as part of a skill is a security risk as the underlying behavior of the tool is unknown and unvetted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:42 AM