feishu-doc-orchestrator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (LOW): The main orchestration script (orchestrator.py) uses the subprocess module to coordinate the execution of specialized sub-scripts (parser, creator, adder, etc.) provided within the skill package. These calls are limited to the skill's own local scripts.
  • EXTERNAL_DOWNLOADS (LOW): The documentation instructs the user to install the playwright package and its associated browser binaries. This is a legitimate requirement for the document verification feature, which uses a headless browser to confirm document accessibility.
  • DATA_EXPOSURE (LOW): The image upload feature (feishu-block-adder) allows reading local files from paths specified in the Markdown input. While this is the intended functionality for uploading local images to Feishu, users should be aware that processing a malicious Markdown file containing paths to sensitive system files could lead to those files being uploaded to the user's Feishu account.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: The skill ingests untrusted data from local Markdown files (input.md) and browser-rendered content (page titles) during verification.
      • Boundary markers: No explicit delimiters or LLM-facing warnings are used to wrap the ingested content in the scripts.
      • Capability inventory: The skill possesses significant capabilities, including file system read/write access, network communication with Feishu APIs, and browser automation via Playwright.
      • Sanitization: The parser and verifier include logic to sanitize text by removing zero-width characters and bidirectional control characters to prevent formatting issues or invisible injections.
  • Credential Handling (SAFE): The skill manages sensitive Feishu application credentials and OAuth tokens using local configuration files (.claude/feishu-config.env and .claude/feishu-token.json). The code correctly uses these secrets only for authenticated requests to official Feishu endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:33 PM