slack-user-context
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. \n
- Ingestion points: The skill retrieves and processes untrusted data from user profiles, direct message history (im:history), and public channels (search:read.public) as described in SKILL.md. \n
- Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' directives to prevent the agent from obeying commands hidden within the ingested chat content. \n
- Capability inventory: The skill influences escalation decision-making and integrates with operational tools like pyATS for network analysis. \n
- Sanitization: No mechanisms are specified for filtering or sanitizing the ingested Slack data before it is presented to the language model. \n- [NO_CODE]: The skill consists entirely of instructional markdown and YAML metadata; it does not include any Python scripts, JavaScript, or other executable source files.
Audit Metadata