slack
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it reads external data from Slack channels.
- Ingestion points: The
readMessagesaction (SKILL.md) allows untrusted data to enter the agent's context. - Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from following commands embedded in Slack messages.
- Capability inventory: The skill is limited to Slack-specific actions like
sendMessage,editMessage, andpinMessage; it lacks access to the file system, shell, or external network beyond Slack. - Sanitization: No sanitization or content filtering is described for the retrieved Slack messages.
- [NO_CODE]: The provided skill content consists of a markdown definition and does not include executable scripts or external package dependencies for analysis.
Audit Metadata