add-slack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to collect the user's Slack Bot Token and App Token and to place them verbatim into a .env file (and wait for the user to provide them), which requires the LLM to handle and potentially output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly configures a Slack channel (Socket Mode, subscribing to message events, and using the Slack API like conversations.list) so the agent will ingest and act on user-generated Slack messages and channel metadata from external workspaces, allowing untrusted third-party content to influence behavior.