Feishu SuperToolkit
Pass
Audited by VirusTotal on Mar 26, 2026.
Findings (1)
The skill bundle contains hardcoded Feishu API credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) within the SKILL.md documentation, which is a significant security risk. Additionally, the messaging_api.py file implements a 'send-file' endpoint that accepts an unvalidated 'file_path' parameter, creating an arbitrary file read vulnerability that allows the AI agent to access and exfiltrate any file from the host system to Feishu. While these behaviors align with the stated purpose of a Feishu toolkit, the combination of leaked credentials and high-risk file access capabilities poses a substantial threat to the host environment.
