slack-bot-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill follows security best practices by accessing sensitive credentials like
SLACK_BOT_TOKENandSLACK_SIGNING_SECRETvia environment variables (os.environ) rather than hardcoding them. - [Indirect Prompt Injection] (LOW): The skill demonstrates processing external data from Slack users (e.g., message text, slash command bodies, and modal inputs).
- Ingestion points: Untrusted data enters the agent context through event handlers in
SKILL.md(e.g.,handle_hellomessage content andhandle_ticket_commandbody). - Boundary markers: Absent in the provided snippets.
- Capability inventory: The snippets perform Slack API operations (
say,views_open) and demonstrate database interactions in the OAuth pattern. - Sanitization: None implemented in the provided educational code snippets.
- [Obfuscation] (SAFE): No obfuscation, zero-width characters, or hidden content detected.
- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote code from untrusted sources were found.
Audit Metadata