
feishu-image

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads local files using fs.readFileSync and uploads them to Feishu's official servers (open.feishu.cn). This behavior is consistent with the skill's primary purpose of sending visual content to the Feishu messaging platform.
  • [DATA_EXPOSURE]: The skill handles sensitive application credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) via environment variables or configuration files, which is a secure practice compared to hardcoding secrets.
  • [COMMAND_EXECUTION]: The skill is designed to be executed as a Node.js process, which is typical for automation scripts and does not involve the execution of arbitrary shell commands or untrusted external scripts.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it accepts a file path and text from external inputs.
      • Ingestion points: The imagePath and text parameters in scripts/feishu-image.js.
      • Boundary markers: Not present.
      • Capability inventory: Uses fs.readFileSync to read local data and https.request to transmit it to an external API.
      • Sanitization: Validates that the file exists but does not restrict file paths to specific directories or enforce image-only file types.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 01:08 AM