configure-slack
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash scripts to read and write configuration files. In Step 8, user-provided variables $MENTION and $WEBHOOK_URL are interpolated directly into a curl command string. This presents a potential shell injection risk if the inputs are not strictly validated or escaped before execution.
- [DATA_EXFILTRATION]: The skill sends data to hooks.slack.com. This is the intended behavior for configuring Slack notifications and targets a well-known service.
- [SAFE]: Step 7 correctly uses jq --arg to safely handle user input when updating the JSON configuration file, which is a security best practice for preventing injection during JSON generation.
Audit Metadata