slack-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill logic is declarative and restricted to Slack-specific automation tasks without any signs of malicious intent or safety guideline bypasses.
- [PROMPT_INJECTION]: Analysis identified a potential indirect prompt injection surface due to the integration with external data sources.
- Ingestion points: The skill ingests untrusted data from multiple platforms, including GitHub PR descriptions, HubSpot deal data, and Stripe payment event details (SKILL.md).
- Boundary markers: The workflow templates use simple variable interpolation (e.g., {pr_description_summary}) and do not include explicit delimiters or instructions to the model to ignore potential commands embedded in the external text (SKILL.md).
- Capability inventory: The skill's capabilities are limited to Slack messaging, channel creation, and triggering internal workflows through the slack-mcp server (SKILL.md).
- Sanitization: No logic is present for sanitizing or validating the input from external triggers before it is formatted into Slack messages (SKILL.md).
Audit Metadata