The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx -y to download and execute the @larksuite/whiteboard-cli package at runtime from the official npm registry. This package is part of the official Lark/Feishu ecosystem.
[COMMAND_EXECUTION]: Utilizes the lark-cli binary and npx to perform operations like querying whiteboard data, updating nodes, and converting diagram formats (Mermaid/PlantUML).
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external Lark documents and whiteboards that could be modified by third parties to include malicious instructions.
Ingestion points: Reads whiteboard content via +query (described in references/lark-whiteboard-query.md) and document content via lark-doc +fetch (referenced in SKILL.md).
Boundary markers: No specific boundary markers or instructions to ignore embedded commands are implemented when processing the retrieved text or code.
Capability inventory: The agent has the ability to execute system commands through lark-cli and npx, as well as write to the local file system using the --output parameter.
Sanitization: The skill does not perform validation or sanitization of the content extracted from whiteboards before presenting it to the agent for further action.

lark-whiteboard