slack-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior or security risks were detected. The skill outlines standard procedures for Slack integration.\n- [EXTERNAL_DOWNLOADS]: Recommends adding an external MCP server endpoint (
https://rube.app/mcp). This is the official endpoint for the Rube MCP service, which is a well-known tool for agent integrations, and its inclusion is required for the skill's functionality.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface inherent to Slack automation tools.\n - Ingestion points: Reads external message content from Slack channels and threads via tools like
SLACK_SEARCH_MESSAGESandSLACK_FETCH_CONVERSATION_HISTORY.\n - Boundary markers: No specific delimiters or "ignore" instructions are defined in the skill logic to isolate retrieved data from agent instructions.\n
- Capability inventory: The skill includes tools for sending messages, scheduling posts, and managing channel metadata.\n
- Sanitization: No explicit sanitization or filtering of incoming Slack content is described, relying on the agent's internal safety protocols.
Audit Metadata