slack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds explicit client ID and client secret values and instructs copying them into .env (and into credential files), which requires the model to handle and could cause it to output those secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls Slack APIs to read and search user-generated workspace content (e.g., "search_messages", channel/DM "history", file listing/upload scripts referenced in the Available Operations and example scripts), exposing the agent to untrusted third-party messages and files that could carry indirect prompt injections.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The .env Quick Setup contains literal credentials:
• SLACK_CLIENT_ID=3499735674373.10122697240033 (real-looking client ID, not a placeholder)
• SLACK_CLIENT_SECRET=dce1a170a489edab7234411850b8aeab (high-entropy hex-like secret)

These are not placeholders, truncated values, or simple setup passwords — they are literal, usable OAuth credentials for Slack. Flag as a secret and recommend removing from docs/repo and rotating the secret immediately.