Channels Guide

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask users for bot tokens and to write them into config.patch snippets (e.g., botToken: ""), which requires the LLM to receive and emit secret values verbatim — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to external IM channels (Telegram, Discord, WeChat, Feishu, Slack, WhatsApp) and states "RC can receive/reply" and "In-Channel Behavior — All RC tools are fully available" in SKILL.md, meaning it ingests untrusted user-generated messages from those public third-party platforms which can directly influence agent actions (e.g., config.patch, gateway.restart).