slack

SUSPICIOUS. The basic Slack API scripts align with the stated purpose, but the Session Bridge materially expands scope: it depends on an unverifiable personal-repo daemon, forwards Slack tokens to that external code, and allows untrusted Slack messages to drive the current agent session with full tool access. The main risk is not confirmed malware, but disproportionate trust, credential forwarding, transitive dependency/skill trust, and high prompt-injection/autonomy exposure.