pp-slack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for the Slack token and shows a command that embeds the token value verbatim (e.g., claude mcp add -e SLACK_BOT_TOKEN=xoxb-...), which requires the LLM to handle and output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run slack-pp-cli commands such as "search", "sync" and use "--data-source live" or "--agent" to fetch and parse Slack channel and DM content (user-generated messages from the third-party Slack workspace), which the agent is expected to read and act on (summarize, decide next actions, post messages), exposing it to untrusted third-party content that could carry indirect prompt-injection.