p-slack-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to display original Slack message content verbatim (Phase 4b step 1), which could contain API keys, tokens, or passwords and thus requires the LLM to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and ingests user-generated Slack messages via explicit Phase 2 calls (e.g., slack_search_public_and_private and slack_read_channel) and then reads/interprets those messages to classify, prioritize, draft, and optionally send replies—so untrusted third-party content from Slack can materially influence agent decisions and tool use.