The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the user to configure a connection to an external MCP server located at https://rube.app/mcp, which serves as a remote dependency for all tool operations.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to process untrusted external data. Ingestion points: The agent retrieves message content and conversation history through tools such as SLACK_SEARCH_MESSAGES, SLACK_FETCH_MESSAGE_THREAD_FROM_A_CONVERSATION, and SLACK_FETCH_CONVERSATION_HISTORY. Boundary markers: There are no explicit delimiters or instructions provided to help the model distinguish between administrative guidance and potentially malicious instructions embedded within the retrieved Slack messages. Capability inventory: The skill provides significant write capabilities, including SLACK_SEND_MESSAGE, SLACK_UPDATES_A_SLACK_MESSAGE, SLACK_ADD_REACTION_TO_AN_ITEM, and SLACK_SCHEDULE_MESSAGE, which could be exploited if the model obeys instructions found in message content. Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved message content before it is processed.

slack-automation