slack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting browser tokens and embedding them verbatim into CLI commands and config files (e.g., add-workspace "xoxc-token" "xoxd-token"), which requires the LLM to handle and output secrets directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes user-generated Slack content (messages, threads, search results, digests and exports) via the scripts/slack_client.py API calls such as search_messages, conversations_history, conversations_replies, export and run_digest, so the agent will read and interpret untrusted third‑party user content from Slack workspaces.