activity-reporter

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly automates broad access to sensitive internal data (ALL Slack channels including specific individual DMs, Gmail via GOOGLESUPER_FETCH_EMAILS, Notion DB by ID, HubSpot, AskElephant meeting logs, GH/Linear histories) and saves aggregated reports—this constitutes a high-risk data-exfiltration capability and privacy abuse vector (powerful, centralised collection of private communications and metadata), even though there is no obfuscated payload, remote shell, or explicit credential-theft/command-exec backdoor in the content.