agent-channeltalkbot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This is insecure because the prompt instructs passing raw Access Key and Access Secret as command-line arguments (agent-channeltalkbot auth set ) and shows config files containing access_key/access_secret, which require the LLM to handle or emit secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and parse Channel Talk workspace data (e.g., using agent-channeltalkbot snapshot, message list, and chat list as shown in SKILL.md, references/common-patterns.md, and templates like monitor-chat.sh/post-message.sh), which are user-generated/untrusted messages from third-party workspace users and are used to drive actions (auto-responses, closing chats), so third-party content can materially influence agent behavior.