agent-slack

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt explicitly instructs users how to avoid triggering "Claude Code's permission checker" (e.g., forbidding #, certain quotes, python3, ||/&&, redirects) which is guidance to evade security/approval controls and thus is outside the normal Slack-automation purpose.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill documentation exposes explicit, intentional evasion guidance for permission checks and built‑in credential‑harvesting and automation features (browser/desktop credential import, parse-curl, env token usage, automatic attachment downloads, and ability to run workflows/send/delete messages) that could be deliberately abused for credential theft, data exfiltration, and unauthorized remote actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation recommends running a remote script via curl -fsSL https://raw.githubusercontent.com/stablyai/agent-slack/main/install.sh | sh, which fetches and executes remote code (install-time dependency) and therefore constitutes a high-confidence runtime-executed external dependency.