slackbot-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data from Slack messages and threads and has write/execute capabilities.
  - Ingestion points: Slack workspace messages.
  - Boundary markers: Absent.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: Absent.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires registering a third-party MCP endpoint (https://rube.app/mcp) that is not on the trusted source list. This grants an external service control over tool schemas and execution strategies.
Recommendations
- AI detected serious security threats
Audit Metadata