egghead-slack

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill deliberately harvests and indexes private Slack content (including DMs, files, and Slack Connect messages) into a private searchable store for a single user using a broad-scoped user token and scripted backfill, which is functionally a targeted data-exfiltration/backdoor pattern even if presented as "private."

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and indexes user-generated Slack content (see search.messages, conversations.history, file downloads, and the slack-channel-backfill → Typesense pipeline in SKILL.md) from the egghead.io workspace (including Slack Connect external users), and that content is consumed as private context that can influence the agent's decisions and messaging; therefore it exposes the agent to untrusted third‑party input that could enable indirect prompt injection.