slack
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill exposes a surface for processing untrusted data from Slack messages.
  - Ingestion points: The `readMessages` action in SKILL.md allows the agent to ingest content from external Slack channels.
  - Boundary markers: There are no markers or instructions defined to prevent the agent from following commands embedded in retrieved Slack messages.
  - Capability inventory: The tool provides the agent with the ability to `sendMessage`, `editMessage`, `deleteMessage`, and `react` based on its processing of Slack data.
  - Sanitization: No sanitization or validation logic is specified for the message content fetched via the API.
- No Executable Code (SAFE): The provided skill consists only of a markdown definition (SKILL.md) and does not contain any scripts, binary files, or dependency manifests.
Audit Metadata