agent-slackbot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt shows explicit CLI examples that place bot tokens (xoxb-...) directly in commands and instructs the agent to accept/set tokens (potentially by asking the user), which would require the model to handle or reproduce secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-generated Slack messages (third‑party content) — see references/common-patterns.md Pattern 3 and templates/monitor-channel.sh which call agent-slackbot message list/get and then conditionally respond or take actions — so untrusted channel content can influence the agent's subsequent tool use.