feishu-docx

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions in the '⚠️ 重要:关于代码' ("Important: About the code") section that explicitly command the AI agent not to read or analyze the contents of the scripts/ directory. This is a technique used to hide malicious logic and prevent security auditing.
  • [CREDENTIALS_UNSAFE]: The config.default.json file contains hardcoded sensitive credentials for the Feishu platform, including appSecret and tenant_access_token. Storing secrets in plain text within skill configuration files is a high-risk practice that can lead to workspace compromise.
  • [COMMAND_EXECUTION]: The JavaScript files in the scripts/ directory use child_process.execSync to run system-level commands. Specifically, they execute wmic commands to retrieve unique hardware identifiers like the CPU ID, Motherboard Serial Number, and BIOS UUID. This level of system access is excessive and unnecessary for a Markdown conversion tool.
  • [DATA_EXFILTRATION]: The skill collects sensitive device-specific hardware identifiers. Given the obfuscated nature of the code and the hidden instructions, this collection of data without disclosure constitutes a significant risk of unauthorized data gathering or exfiltration.
  • [REMOTE_CODE_EXECUTION]: The scripts are heavily obfuscated using complex string array transformations and index lookups, which is a common pattern for hiding malicious behaviors such as remote command execution or credential theft from both humans and automated scanners.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 04:55 PM