slack
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted text from a Slack workspace.
  - Ingestion points: The skill retrieves message content, channel topics, and user information from the browser DOM using `agent-browser get text` and `agent-browser snapshot --json` (found in `SKILL.md` and `references/slack-tasks.md`).
  - Boundary markers: Missing. No delimiters or 'ignore' instructions are used when interpolating Slack content into the agent's context.
  - Capability inventory: The skill utilizes `Bash` to run `agent-browser`, which has capabilities for browser navigation, data extraction, and writing files (screenshots/JSON) to the local environment.
  - Sanitization: None detected. The skill does not validate or sanitize Slack message content before processing.
- [EXTERNAL_DOWNLOADS]: The skill uses the `npx agent-browser` command to execute its core functionality.
  - This command fetches and executes the `agent-browser` package from the NPM registry at runtime.
Audit Metadata