pd-slack-send
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script (resources/pd-slack.ts) using npx tsx to perform its primary function of sending Slack messages as defined in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The use of npx implies a potential download of the tsx package from the npm registry if it is not already cached on the system.
- [PROMPT_INJECTION]: The skill processes user-supplied text via the --text parameter, creating a surface for potential indirect prompt injection. 1. Ingestion points: The argument in SKILL.md. 2. Boundary markers: None identified in the command line template. 3. Capability inventory: Command execution via npx (SKILL.md). 4. Sanitization: None described in the provided documentation.
Audit Metadata