slack

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the agent-browser command-line utility through bash to automate navigation, clicks, and text entry within the Slack web application.
  • [EXTERNAL_DOWNLOADS]: Includes commands that use npx to execute the agent-browser package, which involves fetching the tool from the npm registry if it is not already available.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its interaction with untrusted Slack message content.
      • Ingestion points: Slack message text, channel metadata, and thread content (SKILL.md).
      • Boundary markers: None; the instructions do not implement delimiters or ignore-behavior markers for processed data.
      • Capability inventory: The agent can perform interactive actions like clicking and typing within an authenticated Slack session (SKILL.md).
      • Sanitization: None; data is extracted and processed as raw text from the browser's accessibility tree.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:39 PM