slack-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill exposes a surface for indirect prompt injection by reading untrusted data from Slack messages.\n
- Ingestion points: Message data is retrieved via SLACK_SEARCH_MESSAGES, SLACK_FETCH_CONVERSATION_HISTORY, and SLACK_FETCH_MESSAGE_THREAD_FROM_A_CONVERSATION as described in SKILL.md.\n
- Boundary markers: The skill lacks explicit delimiters or instructions to treat external message content as untrusted data.\n
- Capability inventory: The agent has access to sensitive tools such as SLACK_SEND_MESSAGE, SLACK_LIST_ALL_USERS, and channel management functions.\n
- Sanitization: There is no evidence of content sanitization or validation before the ingested data influences agent behavior.\n- Data Exfiltration (LOW): The skill involves network operations to a non-whitelisted domain (https://rube.app/mcp). Workspace information and message content are transmitted to this external third-party endpoint during normal operation.
Audit Metadata