slack
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Slack messages and possesses capabilities to perform further actions.
- Ingestion points: Untrusted data enters the agent context via the
readMessagesaction described inSKILL.md. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed message content.
- Capability inventory: The skill allows the agent to send, edit, delete, and pin messages, as well as fetch member information, which could be manipulated via malicious message content.
- Sanitization: No evidence of sanitization, escaping, or validation of the retrieved message content is provided in the skill definition.
Audit Metadata