slack-notifications

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The skill includes a mandatory "Memory Protocol" that instructs the agent to read and write internal .claude/context memory files and change its persistence assumptions—instructions unrelated to Slack messaging that attempt to alter agent behavior and state, so they are deceptive/out-of-scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md exposes user-generated Slack content via tools like "channel-history", "list-files", "get-reactions", and "get-user", so the agent will fetch and read third-party user messages/files from Slack which could contain instructions that influence behavior.