feishu-card-parser

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it parses untrusted external data (Feishu card JSON) which could contain malicious instructions embedded in the 'text' or 'lark_md' fields. However, the skill has no dangerous capabilities that could be exploited by such an injection.
  • Ingestion points: The parse_card_message function in card_parser.py accepts and processes arbitrary JSON input representing card content.
  • Boundary markers: The skill does not implement boundary markers or instructions for the LLM to ignore embedded commands in the parsed output.
  • Capability inventory: The skill logic is limited to string manipulation and data structure parsing; it does not perform network operations, subprocess execution, or file writing.
  • Sanitization: No explicit sanitization or filtering of text content is performed beyond standard Markdown formatting.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file contains an instruction to pip install json. While json is a standard built-in Python library and does not require installation, the PyPI package named 'json' is a non-malicious utility/stub package. This is a documentation error by the author rather than a security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 02:24 AM