slack
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes Slack messages and conversation lists, which are untrusted external inputs. This creates a surface for indirect prompt injection where malicious content in a Slack message could attempt to manipulate the agent's behavior. \n
- Ingestion points: Slack message text and conversation metadata fetched via the
readandlistcommands. \n - Boundary markers: No specific delimiters or instructions for handling untrusted content are provided. \n
- Capability inventory: The skill can send messages (
send), search conversations, and list channels. \n - Sanitization: None specified, though the skill includes a drafting rule requiring user confirmation before sending any messages. \n- [COMMAND_EXECUTION]: The skill executes a local Node.js CLI (
dist/slack-cli.js) to interact with the Slack API. The tool definition uses wildcards which allows the agent to provide arbitrary arguments to the script.
Audit Metadata