agent-slack

skills-sh:stablyai_agent-slack__agent-slack

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

User-provided URL consumed by agent INDIRECT_005

indirect-injection L5

Detects skills where user-provided URLs are consumed and processed by the agent

read (given a URL

FIX

Validate and sanitize user-provided URLs before fetching them. Implement URL allowlisting, block private/internal IP ranges, and treat fetched content as untrusted data.

FP?

Likely FP if the skill is a web browser or URL fetcher where consuming user-provided URLs is the documented core feature with appropriate sandboxing.

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L65

Detects URLs fetched at runtime that control or influence agent behavior without pinning

get "https:// + rules

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.