pd-slack
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns or malicious patterns were identified in the provided files. The skill functions as a standard API wrapper.
- [DATA_EXFILTRATION]: The skill interacts with the Slack API to perform message and channel operations. It sends and receives data such as message text, channel IDs, and user profiles to and from
https://slack.com/apivia a local proxy. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it reads message content from Slack which could be malicious.
- Ingestion points: Slack message history and search results accessed in
pd-slack.ts. - Boundary markers: None.
- Capability inventory: Posting messages, replies, reactions, and updating topics via the Slack API.
- Sanitization: None; data is processed and displayed as-is.
Audit Metadata