slack
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes commands to import Slack authentication tokens from local application data and browser profiles, such as
slack auth import-desktop,slack auth import-chrome, andslack auth import-firefox(documented in references/commands.md). While functional for setup, this involves the extraction of sensitive credentials from other software on the system.\n- [EXTERNAL_DOWNLOADS]: As part of retrieving messages or performing searches, the CLI tool automatically downloads attachments to local directories like~/.agent-slack/tmp/downloads/. This results in external, potentially untrusted files being written to the local filesystem (documented in references/output.md).\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from Slack. \n - Ingestion points: The skill fetches data via
slack message get,slack message list, andslack search(references/commands.md).\n - Boundary markers: There are no specific delimiters or instructions to the agent to disregard commands within the fetched message content.\n
- Capability inventory: The agent has the authority to perform impactful actions like sending, editing, or deleting messages, and inviting users to channels (SKILL.md).\n
- Sanitization: No evidence of sanitization or content validation is provided in the documentation.\n- [COMMAND_EXECUTION]: The skill performs sensitive workspace operations, such as managing user invites and channel configurations, by executing the
slackCLI tool with high-level permissions.
Audit Metadata