slack
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code, prompt injections, or unauthorized data exfiltration patterns were identified. The skill interacts with the official Slack API using standard methods.
- [COMMAND_EXECUTION]: The skill utilizes local Ruby scripts to interface with the Slack Web API. These scripts process structured JSON input and do not execute arbitrary shell commands.
- [CREDENTIALS_UNSAFE]: Slack OAuth tokens are managed via external configuration files stored in the user's home directory (~/.claude/.slack/workspaces/). The scripts read these tokens at runtime, which is a recommended practice to avoid exposing secrets in the skill source or logs.
- [EXTERNAL_DOWNLOADS]: Dependencies are managed via a Gemfile and are limited to trusted libraries such as slack-ruby-client and faraday. No remote code is downloaded or executed at runtime.
Audit Metadata