slack-connect

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill has a high attack surface for indirect prompt injection because it processes external data from a Slack workspace.
      • Ingestion points: The scripts channel_history.py, search_messages.py, and search_files.py retrieve untrusted strings from Slack.
      • Boundary markers: Absent; there are no instructions to the agent to treat Slack content as data rather than instructions.
      • Capability inventory: The agent can execute send_message.py, delete_message.py, and upload_file.py, which could be exploited if the agent follows instructions found in Slack history.
      • Sanitization: Absent in the provided markdown workflow.
  • [Command Execution] (SAFE): The skill executes local scripts to perform its tasks.
      • Evidence: Commands like python 00-system/skills/slack/slack-master/scripts/send_message.py are used.
      • Context: These are internal skill scripts and do not appear to be dynamically generated from untrusted input in a dangerous manner.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM