slack-communicator-pro
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (INFO): No executable code was found in the provided files, which consist of metadata and configuration.
- [PROMPT_INJECTION] (MEDIUM): The skill design presents an indirect prompt injection surface. 1. Ingestion points: Untrusted data is accepted through the 'input' argument. 2. Boundary markers: There are no defined delimiters or instructions to ignore embedded commands. 3. Capability inventory: The skill has the capability to send messages to Slack (external network access) and write to local files via the 'out' argument. 4. Sanitization: No sanitization or validation protocols are mentioned in the documentation. This combination allows external content to potentially trigger unauthorized agent actions or exfiltrate data.
Audit Metadata