pd-slack-find
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified. The skill uses internal directory references to perform authorized functions.
- [COMMAND_EXECUTION]: The skill uses
npx tsxto run its search scripts. This is a standard execution method for TypeScript-based tools within this environment. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external Slack user and channel names. The risk is considered minimal due to the read-only nature of the operations. Evidence Chain: Ingestion points: Slack API results (users and channels); Boundary markers: None identified; Capability inventory: Read-only identification queries; Sanitization: Implementation logic is contained within shared internal scripts.
- [NO_CODE]: The skill contains no original source code of its own, acting only as a configuration wrapper for shared resources in a parent directory.
Audit Metadata