egghead-slack

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is explicitly designed to passively read and systematically index virtually all Slack content (channels, DMs, files) using a high-privilege user token and an external backfill/indexing pipeline, kept private and Joel-only — a covert surveillance/exfiltration pattern that functions as a backdoor for sensitive workspace data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and indexes user-generated Slack content (see search.messages, conversations.history, file downloads, and the slack-channel-backfill → Typesense pipeline in SKILL.md) from the egghead.io workspace (including Slack Connect external users), and that content is consumed as private context that can influence the agent's decisions and messaging; therefore it exposes the agent to untrusted third‑party input that could enable indirect prompt injection.