slack-webhook
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it interpolates external data directly into Slack Block Kit payloads without escaping or validation. * Ingestion points: Function arguments in 'build_anomaly_alert' and the 'message' dictionary in 'send_slack_alert' (SKILL.md). * Boundary markers: Absent; the code uses direct f-string interpolation. * Capability inventory: Network POST operations via 'urllib.request.urlopen'. * Sanitization: Absent; input strings are not sanitized for Slack Markdown or Block Kit control characters.
- [Data Exposure] (SAFE): The skill retrieves the 'SLACK_WEBHOOK_URL' from environment variables, which is the expected and standard method for configuring such integrations.
Audit Metadata