slack
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to
https://slack.com/api. While necessary for functionality, the domain is outside the predefined trusted source whitelist. - Evidence:
scripts/slack_api.pylines 86-95 useurllib.requestto send data to the Slack API. - [Indirect Prompt Injection] (LOW): The skill retrieves untrusted data from Slack (messages, threads, search results) which could contain instructions targeting the LLM.
- Ingestion points:
scripts/slack_api.py(functionsget_history,get_thread,search_messages,my_posts). - Boundary markers: The script provides basic separators in text mode (
=== {user} ({ts}) ===) to delimit messages informat_messages. - Capability inventory: The skill can read channel history and user data, and post messages back to Slack.
- Sanitization: Content is truncated by
truncate_text, but no filtering of prompt injection keywords or instruction-like patterns is implemented.
Audit Metadata