slack-user-cli

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script slack_user_cli.py executes the pbpaste command using subprocess.run to retrieve authentication data from the system clipboard during the login --browser process.
  • [CREDENTIALS_UNSAFE]: The skill manages and stores sensitive Slack session credentials, including xoxc- tokens and d cookies, in a local configuration file at ~/.config/slack-user-cli/config.json.
  • [DATA_EXFILTRATION]: The skill is capable of reading authentication credentials from local files and the system clipboard, then transmitting data to Slack's API. While consistent with its stated purpose as a Slack client, this provides a mechanism for accessing and transmitting sensitive session information.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from the Slack API and downloads content from Slack-hosted URLs using the requests library.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Ingestion points: Slack messages (via read, search, thread, and url commands in slack_user_cli.py). Boundary markers: Absent. Capability inventory: send, upload, dm, dm-upload, and canvas-edit in slack_user_cli.py. Sanitization: Absent. Safety guidelines in SKILL.md require human approval for public posts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 11:13 PM