The Agent Skills Directory

[Data Exposure] (SAFE): The code samples correctly use environment variables for sensitive credentials (e.g., SLACK_BOT_TOKEN) and explicitly recommend database-backed storage with encryption for production environments to protect OAuth tokens.- [Indirect Prompt Injection] (LOW): The skill defines patterns for ingesting untrusted data from Slack messages and incident reports, which is a standard requirement for this application type but introduces an attack surface. Evidence Chain: 1. Ingestion points: Slack message body in handle_hello, slash command payload in handle_ticket_command, and the incident dictionary in build_notification_blocks. 2. Boundary markers: Absent. 3. Capability inventory: say(), client.views_open(). 4. Sanitization: Absent (only UI-driven truncation). Developers should sanitize this data before interpolation into prompts.- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote code from untrusted sources were detected.

slack-bot-builder