slack-automation

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • External Downloads (MEDIUM): The skill instructs the user to configure an unverified external MCP server (https://rube.app/mcp). This introduces a dependency on a third-party service that is not among the listed trusted sources and which facilitates access to sensitive workspace data.
  • Prompt Injection (LOW): The skill creates a surface for indirect prompt injection due to its data ingestion capabilities.
      • Ingestion points: Slack content is ingested via SLACK_SEARCH_MESSAGES and SLACK_FETCH_CONVERSATION_HISTORY (referenced in SKILL.md).
      • Boundary markers: There are no specified delimiters or instructions to treat external message content as untrusted data.
      • Capability inventory: The skill has high-impact capabilities including SLACK_SEND_MESSAGE, SLACK_SCHEDULE_MESSAGE, and SLACK_UPDATES_A_SLACK_MESSAGE.
      • Sanitization: The instructions do not describe any sanitization or escaping of Slack data before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 03:09 PM