add-slack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly configures a public webhook (/webhook/slack) and subscribes to Slack bot events (message.channels, message.im, app_mention) in SKILL.md, meaning the agent will ingest and act on untrusted, user-generated Slack messages that could contain instructions influencing its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses runtime commands that fetch and install remote code—e.g., "git fetch origin channels" / "git show origin/channels:src/channels/slack.ts" (pulling code from the repo configured as origin) and "pnpm install @chat-adapter/slack@4.26.0" (pulling from the npm registry)—which will be incorporated and executed by the skill, so these are external runtime dependencies that execute remote code.