slack-master
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): Hardcoded Slack application credentials found in documentation. Evidence: SLACK_CLIENT_SECRET=dce1a170a489edab7234411850b8aeab in references/setup-guide.md.
- DATA_EXFILTRATION (HIGH): The skill can read arbitrary local files and send them to an external Slack workspace. Evidence: scripts/upload_file.py accepts a --file argument, reads the file content using Path.read_bytes(), and uploads it via requests.post to a URL provided by the Slack API.
- COMMAND_EXECUTION (LOW): Local execution of the openssl command. Evidence: scripts/run_oauth.py uses subprocess.run to generate self-signed certificates.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection. Ingestion points: scripts/channel_history.py, scripts/dm_history.py, and scripts/search_messages.py ingest raw message text. Boundary markers: Absent. Capability inventory: Posting messages, uploading files, and modifying the .env file. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata