While trying to fetch messages using the list_messages action from the Slack app in the communication category, the system returns a 400 error due to a missing required field: token.
📤 Request Sent:
{
  "skip_workflow": true,
  "action": "list_messages",
  "fields": [
    {"key": "chennel id", "value": "C08KAEC7ZKK"}
  ],
  "app": "slack",
  "category": "communication"
}
❌ Response:
{
  "success": false,
  "reason": "Not all required fields are set",
  "label": "list_messages",
  "missing_fields": "token",
  "action": "get_search_messages"
}
🔍 Problem:
- The Slack app requires a token for listing messages, but the list_messages action does not prompt for the token field in the UI.
- As a workaround, a token might be passed through the fields section, but this introduces a security risk, especially if this is exposed to AI or other automated systems.
- It’s not secure or user-friendly to expect users to pass sensitive credentials like tokens manually.
⚠️ Security Concern:
Sensitive data like tokens should not be passed manually through input fields, especially when AI is involved. This is a security vulnerability.
🔧 Suggested Fix:
- Update the Slack app definition so that the token field is clearly prompted in the UI as a required secure credential, not a manual field entry.
- Alternatively, the system should fetch the token from saved app credentials (e.g., through backend secrets or OAuth config) rather than asking the user to input it every time.
- Fix the backend logic for the Slack app only, as this issue seems isolated to how it handles credentials for actions like list_messages.
✅ Expected Behavior:
- Users should not be asked to manually input or pass tokens.
- Errors for missing tokens should be clear, and sensitive fields should be marked as secure credentials.
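A sketch of the backend behaviour the suggested fix describes, as an added example that is not the project's own code: the token is resolved from stored credentials, any token supplied in `fields` is discarded, and a redacted copy is produced for logs. `SECRET_FIELDS`, `CredentialStore`, `resolve_fields`, the `channel_id` key and all sample values are assumptions made for illustration.

```python
# Added example: server-side credential injection for an action request.
# Every name below is hypothetical; the store stands in for backend secrets or OAuth config.
from dataclasses import dataclass, field

SECRET_FIELDS = {"token"}  # fields that must never be accepted from the caller


class CredentialError(Exception):
    """Raised when no stored credential exists for the requested app."""


@dataclass
class CredentialStore:
    secrets: dict = field(default_factory=dict)  # {(app, name): value}

    def get(self, app: str, name: str) -> str:
        try:
            return self.secrets[(app, name)]
        except KeyError:
            # Clear error that points to app setup instead of asking for the secret inline.
            raise CredentialError(
                f"{app}: credential '{name}' is not configured; "
                "connect the app instead of passing it in fields"
            ) from None


def resolve_fields(request: dict, store: CredentialStore) -> tuple[dict, dict]:
    """Return (fields_for_backend, fields_safe_to_log) for one action request."""
    supplied = {f["key"]: f["value"] for f in request.get("fields", [])}
    # Discard any secret the caller (a user or an AI agent) passed inline.
    resolved = {k: v for k, v in supplied.items() if k not in SECRET_FIELDS}
    for name in SECRET_FIELDS:
        resolved[name] = store.get(request["app"], name)
    redacted = {k: ("***" if k in SECRET_FIELDS else v) for k, v in resolved.items()}
    return resolved, redacted


# Constructed sample request, shaped like the one in the report above.
SAMPLE_REQUEST = {
    "action": "list_messages",
    "app": "slack",
    "category": "communication",
    "fields": [
        {"key": "channel_id", "value": "C08KAEC7ZKK"},
        {"key": "token", "value": "caller-supplied-value"},  # must be ignored
    ],
}
```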